by abhinavk 663 days ago
> You want to use SSH (Secure Shell) and make sure that SSH is the only way to log in.

Some distributions (like openSUSE) also enable KbdInteractiveAuthentication by default, so just disabling PasswordAuthentication won't work.

This is one of those things I like to verify:

  david@desktop:~$ nmap -p 22 --script ssh-auth-methods becomesovran.com
  Starting Nmap 7.92 ( https://nmap.org ) at 2024-08-25 23:31 EDT
  Nmap scan report for becomesovran.com (162.213.255.209)
  Host is up (0.066s latency).
  rDNS record for 162.213.255.209: server1.becomesovran.com

  PORT   STATE SERVICE
  22/tcp open  ssh
  | ssh-auth-methods:
  |   Supported authentication methods:
  |     publickey
  |     gssapi-keyex
  |     gssapi-with-mic
  |     password
  |_    keyboard-interactive

  Nmap done: 1 IP address (1 host up) scanned in 0.86 seconds
  david@desktop:~$

As far as I can tell AuthenticationMethods publickey is the right way to do it these days but I'd love to know if that's not the case.

I've just been doing

    ssh -v localhost echo 2>&1 | grep continue

(obviously replacing "localhost" with whatever server you want, and you can put anything you want where "echo" is but that's the best no-op I've come up with)

The best no-op, if there is such a thing, is probably `:` or `true`.

Oh nice, `:` does work :) I thought that wouldn't work because it was a shell built-in. Thanks!

I'm a bit sceptical of the choice of port 2222 as an alternative. At that point you might as well leave 22, but otherwise it's a good intro. If you're serious about starting, post the sections into [insert AI service name] and start asking questions.

Anything other than 22 is an improvement in just the reduced log volume.

Yeah, you basically dodge most automated attacks by getting off port 22
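
The `ssh -v ... | grep continue` check from the comments above, turned into a pass/fail test; this is an added example, not part of the original thread. The function names `non_pubkey_methods` and `sample_debug_output` and the sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every auth method a server offers besides publickey,
# using the "Authentications that can continue" line printed by `ssh -v`.
# Live use (BatchMode=yes stops ssh from prompting for a password):
#   ssh -v -o BatchMode=yes localhost : 2>&1 | non_pubkey_methods

# Reads ssh -v debug output on stdin; prints one extra method per line.
# Return status: 0 = only publickey offered
#                1 = other methods offered (listed on stdout)
#                2 = no method list found in the input
non_pubkey_methods() {
    # The first such line is the server's reply to the initial "none"
    # request, so it carries the full list of offered methods.
    methods=$(sed -n 's/^debug1: Authentications that can continue: //p' \
        | head -n 1 | tr -d '\r' | tr ',' '\n')
    [ -n "$methods" ] || return 2

    # Keep everything that is not exactly "publickey" (password,
    # keyboard-interactive, gssapi-*, ...). grep exits 1 on no match.
    extra=$(printf '%s\n' "$methods" | grep -vx 'publickey' || true)
    if [ -z "$extra" ]; then
        return 0
    fi
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample: a server with PasswordAuthentication and
# KbdInteractiveAuthentication both still enabled.
sample_debug_output() {
    cat <<'EOF'
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
EOF
}

if sample_debug_output | non_pubkey_methods; then
    echo "OK: publickey only"
else
    echo "FAIL: methods listed above are still offered"
fi
```
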