Sorry, misunderstanding here, I’d never open SSH to the internet, I meant it as “don’t block it via your server’s firewall.”
Comment on Jellyfin over the internet
Novi@sh.itjust.works 16 hours ago
I would not publicly expose ssh. Your home IP will get scanned all the time and external machines will try to connect to your ssh port.
oong3Eepa1ae1tahJozoosuu@lemmy.world 14 hours ago
fuckwit_mcbumcrumble@lemmy.dbzer0.com 15 hours ago
Change the port it runs on to be stupid high and they won’t bother.
caseyweederman@lemmy.ca 10 hours ago
Yeah hey what’s your IP address real quick? No reason
fuckwit_mcbumcrumble@lemmy.dbzer0.com 10 hours ago
In 3 years I haven’t had a single attempted connection that wasn’t me. Once you get to the ephemeral ports nobody is scanning that high.
I’m not saying run no security or something. Just nobody wants to scan all 65k ports. They’re looking for easy targets.
mic_check_one_two@lemmy.dbzer0.com 8 hours ago
Just nobody wants to scan all 65k ports.
Shodan has entered the chat.
30p87@feddit.org 16 hours ago
fail2ban with endlessh and abuseipdb as actions
Anything that’s not specifically my username or git gets instantly blocked. Same with correct users but trying to use passwords or failing authentication in any way.
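The blocking policy described in the comment above (ban any source that tries a username outside a short allowlist, or that fails authentication as an allowed user), sketched as log-matching logic. This is an added example, not the commenter's fail2ban configuration; the username "alice", the hostname and every log line are constructed, and the patterns assume standard OpenSSH sshd message formats.

```python
import re

# "alice" is a hypothetical stand-in for the poster's own username.
ALLOWED_USERS = {"alice", "git"}

PREFIX = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")
# Anchored at both ends with a greedy user field, so a crafted username that
# itself contains " from <ip> port <n>" cannot make the matcher pick a spoofed
# address and get an innocent host banned.
INVALID = re.compile(r"^Invalid user (?P<user>.*) from (?P<ip>\S+) port \d+$")
FAILED = re.compile(r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>.*)"
                    r" from (?P<ip>\S+) port \d+ ssh2$")

# Constructed sample lines using documentation-only address ranges.
SAMPLE_LOG = [
    "Jan 10 03:14:01 media sshd[811]: Invalid user admin from 203.0.113.5 port 51234",
    "Jan 10 03:14:09 media sshd[815]: Failed password for git from 198.51.100.7 port 40000 ssh2",
    "Jan 10 03:15:30 media sshd[820]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:constructed",
    "Jan 10 03:16:02 media sshd[824]: Invalid user x from 192.0.2.10 port 22 from 203.0.113.77 port 40022",
]


def ban_decisions(lines):
    """Return {ip: reason} for every source address the policy would block."""
    bans = {}
    for line in lines:
        prefix = PREFIX.search(line)
        if not prefix:
            continue
        msg = prefix.group("msg")
        if (m := INVALID.match(msg)):
            reason = "unknown user"
        elif (m := FAILED.match(msg)):
            allowed = m.group("user") in ALLOWED_USERS
            reason = f"failed {m.group('method')}" if allowed else "unknown user"
        else:
            continue  # successful logins and unrelated messages are ignored
        bans.setdefault(m.group("ip"), reason)  # keep the first reason seen
    return bans


if __name__ == "__main__":
    for ip, reason in ban_decisions(SAMPLE_LOG).items():
        print(ip, reason)
```

The fourth sample line shows why the patterns are anchored: the address after the last " from " is the real peer, so 192.0.2.10 (which also logged in successfully with a key) is not banned.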
mosiacmango@lemm.ee 9 hours ago
You’ve minimized login risk, but not any 0 days or newly discovered vulnerabilities in your ssh server software. It’s still best to not directly expose any ports you don’t need to regularly interact with to the internet.
Also, look into crowdsec as a fail2ban replacement. It uses automatically crowdsourced info to pre-block IPs. A bit more proactive compared to abuseipdb manual reporting.