Hacker News
by tragictrash 1582 days ago
Use ssh pubkey auth and disable password. Set up a totp challenge after pubkey auth. Switch the default ssh port. Restrict ssh login to 1 user whose name isn't 'root' or 'ubuntu' or something everyone would look for. Wrap that in wireguard, and have ssh only listen on the wireguard interface if you're worried, but that's an unnecessary extra step.
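
The checklist in the comment above, turned into an audit over the effective configuration that `sshd -T` prints; this is an added example, not part of the original comment. Assumptions: TOTP is delivered through `keyboard-interactive` (PAM), the WireGuard subnet is `10.8.0.0/24`, and the port `2222` and user `opsbox` in the samples are constructed.

```python
import ipaddress

COMMON_NAMES = {"root", "ubuntu"}             # names the comment says to avoid
WG_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed WireGuard subnet

# Constructed samples in `sshd -T` format (lowercase keyword, then value).
WEAK = """port 22
listenaddress 0.0.0.0:22
listenaddress [::]:22
passwordauthentication yes
authenticationmethods any
"""
HARDENED = """port 2222
listenaddress 10.8.0.1:2222
passwordauthentication no
authenticationmethods publickey,keyboard-interactive
allowusers opsbox
"""

def parse(text):
    """Collect keyword -> list of values; keywords may repeat."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg

def audit(text):
    """Return findings where the config departs from the checklist."""
    cfg, findings = parse(text), []
    if cfg.get("passwordauthentication", ["yes"])[0] != "no":
        findings.append("password authentication is enabled")
    # Every alternative must be publickey first, then keyboard-interactive.
    for alt in cfg.get("authenticationmethods", ["any"])[0].split():
        if [m.split(":")[0] for m in alt.split(",")][:2] != ["publickey", "keyboard-interactive"]:
            findings.append(f"auth path '{alt}' lacks pubkey-then-TOTP")
    if "22" in cfg.get("port", ["22"]):
        findings.append("sshd listens on the default port 22")
    users = " ".join(cfg.get("allowusers", [])).split()
    if len(users) != 1:
        findings.append("login is not restricted to exactly one user")
    elif users[0].split("@")[0] in COMMON_NAMES:
        findings.append(f"allowed user '{users[0]}' is a predictable name")
    # Optional step in the comment: bind sshd to the WireGuard interface only.
    for addr in cfg.get("listenaddress", ["0.0.0.0:22"]):
        host = addr.rsplit(":", 1)[0].strip("[]")
        if ipaddress.ip_address(host) not in WG_NET:
            findings.append(f"listens on {host}, outside the WireGuard subnet")
    return findings
```

Feed `audit()` the text printed by `sshd -T` on the host; an empty list means every item in the checklist is met.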