Comment on How much do you secure a home server that's only accessible with VPN?
neidu3@sh.itjust.works 1 day ago
My home servers have generally a lot smaller attack surface, as only a few ports are actually routed to them, so in theoey I could get away with a more relaxed approach. But I’m also a big believer in defense-in-depth, so I follow the same rules of thumb:
- iptables (or equivalent) that drops anything incoming that isn’t wanted
- any public facing service (except ssh) gets its own user
- disable root login via ssh
- ssh login with key only on any user in sudoers