One of the first things my base ansible role does is disable password logins. All keys, all the time.
Comment on Alternative to ClamAV?
PlexSheep@feddit.de 9 months agoChanging the default porta is security through obscurity, which is not security but just a waste of time. Don’t rely on attackers “maybe not finding stuff” but rely on your stuff being secure, even if someone had all information about your network and system architecture.
For 2fa, the other commenter mentioned yubikey pam modules. Those are probably useful, but if you want to secure your ssh server, the best solution is to use ssh keys and disable password login. I can really recommend that as its one of the few things in security that improves both usability and security.
adam@kbin.pieho.me 9 months ago
PlexSheep@feddit.de 9 months ago
Never tried Ansible, I just use git and shell scripts, any advice to get started?
adam@kbin.pieho.me 9 months ago
Depends on how you like to learn. I'm a doer so I just got stuck in building and bodging things together.
Plenty of videos about, Jeff Geerling (youtuber who does lots of Raspberry Pi stuff) has a bunch of videos and a book.
Well worth it though. I couple it with terraform to handle the infra stuff and I can have a basic VPS spun up with a locked down firewall and SSH with a single command and about 5 minutes.
Alami@lemmy.world 9 months ago
What’s an ssh key? Nvm I’ll research
PlexSheep@feddit.de 9 months ago
Welcome to the top of cryptography.