Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
And if it is, why change it on the server and not in the fw?
Comment on [deleted]
truthfultemporarily@feddit.org 3 weeks ago
This is mostly nonsense.
- Why block outgoing? Its just going to cause issues for most people. If you’re going to do that, do it centrally (hw firewall)
- Why allow http and NTP incoming, when there is no http / NTP server running.
- If there is http server running no mention of ssl-config.mozilla.org and modsecurity
- If you’re using ufw anyway why not go with applications instead of ports?
- In a modern distro, the defaults are usually sane (maybe except TCP), most of the stuff in the SSH config is already default.
- Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
- Actually potentially impactful stuff like disabling services you don’t need, such as cups, is not mentioned
- unattended-upgrades not mentioned
- SELinux / AppArmor not mentioned
- LKRG not mentioned lkrg.org
- Fail2ban not mentioned
Don’t just copy random config from the internet, as annoying as it is, read the docs.
uranibaba@lemmy.world 3 weeks ago
truthfultemporarily@feddit.org 3 weeks ago
If you change it, definitely change it on the server so it shows up in netstat and is consistent.
uranibaba@lemmy.world 3 weeks ago
I mean keep using port 22 on the server and redirect whatever port you want in your firewall (your router unless you have a dedicted fw) to port 22. Don’t change the ssh port on the server at all.
truthfultemporarily@feddit.org 3 weeks ago
I understand this, but this is inconsistent behavior. You now use 22 inside your network and something else outside. Whenever you create inconsistent behavior, everyone using it has to have an awareness of all these inconsistent behaviors.
Also, it is hard to troubleshoot because the tool most admins would want to use (netstat) will not give you useful information to understand the situation.
RubberElectrons@lemmy.world 3 weeks ago
Til about lkrg.
Mordikan@kbin.earth 3 weeks ago
But you need that legal banner in case your spouse acts up and you need to throw their ass in prison.