Easy to do with known internal networks.
Difficult to manage when roaming.
- 0 Posts
- 5 Comments
Joined 1 year ago
Cake day: November 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Disable password auth.
Enable key only auth.
Add in TOTP 2FA (google authenticator).
Randomize the port (reduce bots) that forwards to 22.
Configure lockout to block upon 3 failed attempts, for a long duration like 1 year. (Have a backup access on LAN).
Ensure only the highest encryption ciphers are accepted.
Ensure upgrades are applied to sshd at least monthly.
How is a VPN service more secure than an SSH service?
Both accept login.
Both provide can be brute forced / if using password.
2·1 year agoHere be dragons
Grafana.
Install something to gather metrics from every network device, and ship to Grafana.
Or configure some monitoring on your router and ideally ship it to Grafana.