by
steffan
1586 days ago
Even if you don’t have a static IP, you can probably restrict to a /24 subnet or maybe /16.
Additionally, you can ensure password access is disabled and use ssh keys along with 2FA.
dx034
1586 days ago
My ISP has at least 10 ranges (a result of the shortage and mergers) and there's little info about which ranges I could get IPs from.
hitsurume
1586 days ago
Just curious but what would adding a /24 or /16 do if we're still allowing 0.0.0.0?
1123581321
1586 days ago
You would set it based on the range your ISP tends to assign you, and remove 0.0.0.0 for the ssh port.
jtl999
1586 days ago
Unfortunately, I have seen some ISPs' DHCP servers assign IPs with no particular subnet(s). Could be a case here as well.
1123581321
1586 days ago
That’d be frustrating, not just for this. I’d probably be looking into a solution like Tailscale to tunnel out. Or just develop a gnarled security rule list full of rich history. :)
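An added example, not part of any comment in the thread: a Python sketch of the approach discussed above, which derives the /24 (or /16) networks from the addresses an ISP has actually handed out and swaps them in for the 0.0.0.0/0 rule on the SSH port. The observed IPs, the `(port, CIDR)` rule format and all function names are assumptions made for illustration; the sample handles IPv4 only.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real ISP allocations).
OBSERVED_IPS = ["203.0.113.14", "203.0.113.201", "198.51.100.7", "203.0.113.77"]
# Hypothetical rule list in (port, source CIDR) form.
RULES = [(22, "0.0.0.0/0"), (443, "0.0.0.0/0")]

def covering_networks(ips, prefix=24):
    """Collapse observed client IPs into the distinct /prefix networks holding them."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return sorted(ipaddress.collapse_addresses(nets))

def open_to_world(rules, port=22):
    """Return the rules that expose `port` to every IPv4 address."""
    return [r for r in rules
            if r[0] == port and ipaddress.ip_network(r[1]).prefixlen == 0]

def tightened_rules(rules, ips, port=22, prefix=24):
    """Drop any 0.0.0.0/0 rule on `port` and add one rule per observed network."""
    wide = open_to_world(rules, port)
    kept = [r for r in rules if r not in wide]
    added = [(port, str(n)) for n in covering_networks(ips, prefix)]
    return kept + [r for r in added if r not in kept]

def exposure(rules, port=22):
    """Count the IPv4 addresses that the rules allow to reach `port`."""
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(cidr) for p, cidr in rules if p == port)
    return sum(n.num_addresses for n in nets)

if __name__ == "__main__":
    for prefix in (24, 16):
        new = tightened_rules(RULES, OBSERVED_IPS, prefix=prefix)
        print(f"/{prefix}: {new} -> {exposure(new)} addresses can reach port 22")
    print(f"before: {exposure(RULES)} addresses can reach port 22")
```

Rules on other ports are left untouched, and an ISP that assigns from many unrelated ranges simply produces more entries in the list.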