
Hi! How do you handle ssh on production servers? We have gone through the standard hardening steps (disable root/password login, listen on some other port, firewall configuration etc.) but I am wondering if there is more I can do.

One idea I have is to make all the production servers part of the work VPN and have sshd listen only on the work VPN interface. The work VPN is implemented using WireGuard, so extending it to production servers and keeping everything updated will be a bit of a pain, so I don't know if this is a good idea.

3 replies


This is already a good standard, to be honest. You could provide the server with a fake SSH access on port 22, so people/bots that attempt it would not care to explore further ports. And luckily nmap only reports common port functions. If you run ssh on e.g. port 80, nmap will report it as "web/HTTP" stuff.

For the legacy systems we use a bastion server that's only accessible via VPN.

There is also https://en.wikipedia.org/wiki/Port_knocking, so you can hide the ssh port (even on a non-standard port)
