by rb808 3061 days ago
Would be nice if cloud providers automatically had a fence around your subnet with an ssh proxy that did this stuff already. Seems crazy that typically you open up ssh directly to everyone.
2 comments

In my most recent setup I created two VMs, one with just 80/443 -> HAProxy open and a second with only openvpn open. It should be more common practice, and offered by default from more providers, but unfortunately for now, you still have to set it all up yourself:

http://penguindreams.org/blog/bee2-creating-a-small-infrastr...

I haven't done that for years, preferring instead to change ports to an uncommon one, and even then that port is only opened upon port knocking. My logs are so much easier to parse. (These days in nftables instead of iptables.)
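An added example (not the commenter's own ruleset) of the setup described above in nftables: sshd moved to an uncommon port that only opens to a source address after a TCP knock sequence, with the public 80/443 services left reachable. The knock ports (7000, 8000, 9000), the SSH port 2222 and the timeouts are assumed values; a real deployment picks its own.

```nftables
#!/usr/sbin/nft -f
# Constructed example: SSH on 2222 (assumed) opens only to an IPv4 source that
# sends TCP SYNs to 7000 -> 8000 -> 9000 in order. Ports/timeouts are assumptions.
flush ruleset

table inet knock {
    # Per-element timeouts: a half-finished sequence expires on its own.
    set stage1  { type ipv4_addr; flags timeout; }
    set stage2  { type ipv4_addr; flags timeout; }
    set allowed { type ipv4_addr; flags timeout; }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        # Already-accepted SSH sessions and replies to our own connections keep
        # working after the 'allowed' entry has expired.
        ct state established,related accept
        ct state invalid drop

        # Public services stay open as usual.
        tcp dport { 80, 443 } ct state new accept

        # Knock sequence. Every knock is dropped (no reply), so a scanner sees
        # the ports as filtered; only set membership changes. Rules are ordered
        # last stage first so one packet advances a source by one stage only.
        tcp dport 9000 ip saddr @stage2 add @allowed { ip saddr timeout 20s } log prefix "knock complete: " drop
        tcp dport 8000 ip saddr @stage1 add @stage2 { ip saddr timeout 10s } drop
        tcp dport 7000 add @stage1 { ip saddr timeout 10s } drop

        # SSH only for a source that finished the sequence inside the window;
        # key-based auth in sshd still does the actual authentication.
        tcp dport 2222 ct state new ip saddr @allowed accept

        # Everything else, including any IPv6 traffic (the sets are IPv4-only),
        # falls through to the chain's drop policy.
    }
}
```

Load with `nft -f`; the `log prefix` line makes completed knocks easy to pick out in the kernel log, which is the parsing benefit mentioned above. Note that the `allowed` entry is keyed on the source address, so every host behind the same NAT as the knocker gets the 20-second window too.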

There actually is some security through obscurity, despite everyone loving to bandwagon otherwise.

You put a wall around your property. It kept the dilettantes out, which means you have free time for something else.

If there's a buffer overflow attack against SSH then you have security through obscurity. In the meantime you have security and obscurity. Assuming you're using known RSA keys to login remotely...

Not sure if that's obscurity. Changing the port means you have to scan the whole port range. Port knocking gives you another 2-4 bytes of entropy. (A determined attacker will try all the port knocking permutations.)

Seems like putting bars on the windows. You're taking a couple of well known steps to make things a little harder for an attacker.

The complaint isn't that it is worthless, it is that it is worthless if that is your only security measure.
Or any other trade off you make on the assumption you have more defense than you really do, surprisingly common.