Post 1582576 by profoundlynerdy@mastodon.technology
(DIR) Post #1582575 by frinkel@lamp.institute
2018-11-29T13:48:01Z
0 likes, 0 repeats
So if you run a server, and you have SSH running on it, ALWAYS make sure you either change the port it listens on or restrict what IPs it accepts connections from. I realized I forgot to change the port until today and, well... I logged in this morning to this incredible statistic xD Keep in mind it's been up for a little over 12 hours.
(DIR) Post #1582576 by profoundlynerdy@mastodon.technology
2018-11-29T14:08:01Z
0 likes, 0 repeats
@frinkel Use key-based authentication, disable remote logins as root, but configure an SSH user to be able to su - to root after SSH login. For the lazy, fail2ban is your friend. BTW, while moving SSH to another port *can* be helpful, anyone who takes the time to portscan your world-facing IP will find your alternate SSH port. So, while I understand the argument for its use, I don't really consider it much of a security method.
(DIR) Post #1582624 by frinkel@lamp.institute
2018-11-29T14:10:37Z
0 likes, 0 repeats
@profoundlynerdy Yeah, changing the port is honestly less about stopping someone actively trying to hack into the server, and more stopping the bots trying to sweep the net for the low-hanging fruit.
(DIR) Post #1582664 by frinkel@lamp.institute
2018-11-29T14:13:02Z
0 likes, 0 repeats
@profoundlynerdy Yeah, changing the port is honestly less about stopping someone actively trying to hack into the server, and more stopping the bots trying to sweep the net for the low-hanging fruit. And then an IDS like fail2ban or imunify360 can take care of the port scans, among other things :P And key-based is definitely a good idea. Gonna need to set that in place before I bring my server live again.
(DIR) Post #1582804 by profoundlynerdy@mastodon.technology
2018-11-29T14:20:23Z
0 likes, 0 repeats
@frinkel Depending upon the number of nodes you have, key-based authentication can be a bit of a pain to set up. This is especially true if you've never done it before or haven't done it in a long time. But, yeah, it's worth it. Here is a decent tutorial on how to get that set up if you're unfamiliar. https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
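
Added example, not part of the thread or written by either poster: a small check of sshd_config text for the three points discussed above (password logins, direct root login, default port). It relies on the sshd_config rule that the first value given for a keyword is the one used; the function names, the sample config and the assumed defaults are this example's own.

```python
# Added example: checks sshd_config text for the settings discussed in the thread.
# Assumed defaults are those of current OpenSSH releases when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

# Constructed sample: the second PasswordAuthentication line is silently ignored.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication yes
# PasswordAuthentication no   (commented out, no effect)
PasswordAuthentication no
"""

def effective_settings(config_text):
    """Global settings sshd would use: the first value of a keyword wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break  # conditional blocks follow; this check covers global settings only
        if key == "port":
            ports.append(int(value))  # every Port line adds a listening port
        else:
            settings.setdefault(key, value)  # later duplicates do not override
    for key, value in DEFAULTS.items():
        settings.setdefault(key, value)
    settings["port"] = ports or [22]
    return settings

def audit(config_text):
    """Return findings for the three points raised in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: password guessing is possible")
    if s["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is not 'no': root can log in directly")
    if 22 in s["port"]:
        findings.append("listening on port 22: expect automated sweep traffic")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the global section of a file.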