Y
Hacker News
new
|
ask
|
show
|
jobs
by
semi-extrinsic
3291 days ago
No, the best solution is to only allow login by SSH keys. No passwords => brute-forcing is impossible. So your threat model for someone gaining access no longer includes someone using weak passwords.
1 comments
pmoriarty
3291 days ago
If your ssh port is wide open and there's a remotely exploitable vulnerability, then using keys may not save you.
But there's no reason you couldn't use both keys and port knocking at the same time.
link
But there's no reason you couldn't use both keys and port knocking at the same time.