zlacker

[parent] [thread] 2 comments
1. t0mk+(OP)[view] [source] 2025-12-18 08:21:14
I don't whitelist IPs for ssh anymore, but I always run sshd on randomly selected port, in order to not get noticed by port scanners.

I do it for a really long time already, and until now I am not sure if it has any benefit or it's just umbrella in a sideways storm.

replies(2): >>lordna+g1 >>forbid+gg1
2. lordna+g1[view] [source] 2025-12-18 08:33:55
>>t0mk+(OP)
As long as you understand it's security by obscurity, rather than by cryptography.

I don't think it's wrong, it's just not the same as eg using a yubikey.

3. forbid+gg1[view] [source] 2025-12-18 16:41:12
>>t0mk+(OP)
This won't hide you completely, but it will reduce log spam.

My sshd only listens on the VPN interface

[go to top]