Hacker News new | ask | show | jobs
by fak3r 523 days ago
This has been my practice for 20+ years of running SSH, that and using Ansible to keep sshd hardened. https://github.com/dev-sec/ansible-collection-hardening/tree...
1 comments
sshine 522 days ago
I also harden my sshd_config.

I mainly disabled all legacy cryptography and types of tunnelling/forwarding that I don't rely on:

https://gist.github.com/sshine/e42ecb7f9d7432e6df331eefdd490...

I also only expose SSH on public interfaces on one machine; all other machines have SSH over VPN.

link