Hacker News new | comments | show | ask | jobs | submit login

Oh yes, the first thing I do is change the SSH port, eleminates 99,99% of the auth attacks.



Damn. Why didn't I ever think of that? I'm doing that tomorrow.

-----


Remove root login over ssh and disable password logins and you are good to go. If you want to get fancy Google for ssh port knocking.

-----


disable password logins

I can't emphasize this one enough. Unless you need to login from a lot of different machines, there really isn't any excuse not to do this. It also has the bonus of making logins really easy since you don't have to type a password.

-----


If you host your systems on a VPS service like linode or slicehost then you have the backup of a web based console in case you screw up royally and have a HD crash on the one machine your SSH key was on (for example).

-----


Heh, port knocking looks cool, might do that just for the heck of it on a server that only I use.

Also, yes, among with changing the port the only way that should be possible to get in is through 'keys.

-----




Applications are open for YC Summer 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: