Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TCP | Transmission Control Protocol, most often over IP |
| VNC | Virtual Network Computing for remote desktop access |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #693 for this sub, first seen 20th Apr 2024, 15:55] [FAQ] [Full list] [Contact] [Source code]
Use a hardened-by-default OS like OpenBSD, HardenedBSD, or something similar in Linux.
- fail2ban / brute forcing prevention
- quick, frequent updates(!)
- containerization / virtualization
- secure passwords, better keys
- firewall
- a hardened operating system (distribution)
- SELinux / Apparmor / … / OpenBSD
- not installing unnecessary stuff
- An admin who is an expert and knows what they do.
Don’t turn it on is the ultimate technique
Setup Fail2ban
Login only with SSH keys. MFA on SSH login. Use SSH proto 2.
Disable passwords, x11 forwarding, root logins
Reduce Idle timeout interval
Limit users’ SSH access
That should be more than enough for the average use case.
Yep. Use SSH keys, not just protocol.
On connection, it’ll ask for your SSH password (this is different from the users password).
After that with something like authelia in place, you’ll be asked for a 2fa code.
So, no. SSH can’t do 2FA? I would need to set up Authelia and connect through that? I already use ssh keys instead of passwords to connect to my server
