by mchenier
762 days ago
Port knocking may be a first-line defense here with a port scan attack detector to ban IPs that try to find such ports. See Linux knockd and psad for references. This obscurity doesn’t protect against man-in-the-middle but at least protects from unwanted and opportunistic guests. It also gives more time to indirectly protect from 0-day on sshd (aka the fiasco that could have been the xz incident).