by 3np
1660 days ago
Two changes I would make:

* use -t ed25519 to generate keys, much more efficient for same security compared to RSA
* don’t use ufw. It easily becomes a big mess and is a pain to manage with ansible. firewalld is a much better high-level firewall. Preferably with nftables backend.

If you have a bit bigger fleet and manage a CA you could look into using signed SSH certificates instead of public keys. That way you can provision access centrally without adding individual keys to individual servers.
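The signed-certificate approach mentioned in the comment above, as an added example that is not part of the original comment: an Ed25519 CA signs a user key with `ssh-keygen -s`, and the result is checked against the CA's fingerprint. The directory layout, the principal `alice`, the key ID format, the `/etc/ssh/user_ca.pub` path and the helper function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (constructed): throwaway SSH user CA with OpenSSH's ssh-keygen.
# All names, paths and principals below are assumptions, not from the page.
set -eu

# Create an Ed25519 CA key pair in directory $1.
# Empty passphrase only because this is a disposable demo; protect a real CA key.
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$1/user_ca"
}

# Generate a user key in $1 and sign it with the CA.
#   -I  key ID that sshd logs on each login
#   -n  principal(s): the login names the certificate is valid for ($2)
#   -V  validity window, e.g. +1d ($3); short lifetimes limit a leaked key
issue_user_cert() {
    ssh-keygen -q -t ed25519 -N '' -C "$2@demo" -f "$1/id_ed25519"
    ssh-keygen -q -s "$1/user_ca" -I "$2-demo-cert" -n "$2" -V "$3" \
        "$1/id_ed25519.pub"
}

# Print the principals listed in certificate $1, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Principals:/{f=1; next} /Critical Options:/{f=0} f{print $1}'
}

# Succeed only if certificate $1 names CA public key $2 as its signer.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    ssh-keygen -L -f "$1" | grep -F "Signing CA:" | grep -qF "$ca_fp"
}

# Demo run: build a CA, issue a one-day certificate, show its contents.
d=$(mktemp -d)
make_ca "$d"
issue_user_cert "$d" alice +1d
ssh-keygen -L -f "$d/id_ed25519-cert.pub"

# Server side (not executed here): copy user_ca.pub to each host and add
#   TrustedUserCAKeys /etc/ssh/user_ca.pub
# to sshd_config, so no per-user entries in authorized_keys are needed.
```

Only `user_ca.pub` is distributed to servers; the CA private key stays on the signing host.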