On 15.02.23 17:51, Marc SCHAEFER wrote:
> On Wed, Feb 15, 2023 at 05:43:12PM +0100, Jan Just Keijser wrote:
>> Having port 22 open on the internet is asking for bots & script kiddies to
>> try and break in, but usually fail2ban takes care of it quite nicely.
> Yes, and you can report to abuseipdb.com -- that's why my main server has
> port 22 open (and there are a few measures that make succeeding
> authentication unlikely -- the remaining risk is a zero-day on SSH itself).

This is where my default fw setup is getting its dynamic blocklists
from, I mentioned that earlier. With the list I am using (around 64000
IP records) I am getting up to 2000 hits/24 hours.

> On a sensitive machine, I use port knocking.

This is what I was talking about in an earlier post - port knocking to
protect these instances would be implemented in multiple dimensions.
Also I would not run a sshd at its default port exposed to the internet
even if hidden :)
Also no user/pw auth, ssh certs for auth.