Comment on How to harden against SSH brute-forcing?
sugar_in_your_tea@sh.itjust.works 1 week ago
It’s absolutely overboard, and you can get 99% of the way there with this:
- WireGuard config (Tailscale in your case)
- Bind SSH to WireGuard IP only (so no public SSH port)
- SSH keys only, and disable root login over SSH
That will require breaking WireGuard and OpenSSH’s key-based authentication, which just isn’t happening. The rest looks like mostly auditing. Even a firewall isn’t necessary if no ports are accessible anyway (i.e. everything only accessible over Tailscale), and you can just configure iptables to block everything on the WAN IP and call it a day.
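An added example, not part of the comment above: a small Python audit that checks an `sshd_config` against the three points in that list (listen only on the VPN address, keys only, no root login). The `audit` and `listen_host` names, the sample config and the `100.64.0.0/10` network (the range Tailscale assigns from) are assumptions for illustration; `Match` blocks and `Include` files are not resolved.

```python
import ipaddress

# Effective values when a keyword is absent, per sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Deprecated spelling still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample of a config that follows the list above.
HARDENED = ("ListenAddress 100.101.102.103\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nPermitRootLogin no\n")

def listen_host(value):
    """Extract the host from 'host', 'host:port', '[v6]:port' or a bare v6."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.rsplit(":", 1)[0] if value.count(":") == 1 else value

def audit(config_text, vpn_net):
    """Return a list of findings for the global section of an sshd_config."""
    net = ipaddress.ip_network(vpn_net)
    seen, listens, findings = {}, [], []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":              # per-user/host overrides: out of scope
            break
        if key == "listenaddress":      # may appear several times
            listens.append(listen_host(parts[1]))
        else:
            seen.setdefault(key, parts[1].lower())  # sshd keeps the first value
    if not listens:
        findings.append("ListenAddress unset: sshd listens on every interface")
    for host in listens:
        try:
            inside = ipaddress.ip_address(host) in net
        except ValueError:
            inside = False              # hostname, cannot be verified offline
        if not inside:
            findings.append(f"ListenAddress {host} is outside {vpn_net}")
    for key, default in DEFAULTS.items():
        value = seen.get(key, default)
        if value != "no":
            findings.append(f"{key} is '{value}', expected 'no'")
    return findings
```

An empty list means the file matches all three points; the result of `sshd -T` on the host remains the authoritative view of the effective settings.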
irmadlad@lemmy.world 1 week ago
It’s nice to be commented on by someone famous.
Open up the window, let some air into this room I think I’m almost chokin’ from the smell of stale perfume And that cigarette you’re smokin’ 'bout scare me half to death Open up the window, sucker, let me catch my breath
sugar_in_your_tea@sh.itjust.works 1 week ago
Mama told me not to come.
Fun fact, my usernames on Reddit (I would cycle them every couple of years) were all Three Dog Night lyrics, so I continued the theme on Lemmy.