SomeBoyo@feddit.de to Selfhosted@lemmy.world · 3 months agoWhat are common practice's for hardening/securing your server?message-squaremessage-square40fedilinkarrow-up1106arrow-down12
arrow-up1104arrow-down1message-squareWhat are common practice's for hardening/securing your server?SomeBoyo@feddit.de to Selfhosted@lemmy.world · 3 months agomessage-square40fedilink
minus-squarefoggy@lemmy.worldlinkfedilinkEnglisharrow-up37·3 months agoSetup Fail2ban Login only with SSH keys. MFA on SSH login. Use SSH proto 2. Disable passwords, x11 forwarding, root logins Reduce Idle timeout interval Limit users’ SSH access That should be more than enough for the average use case.
minus-squaretaladar@sh.itjust.workslinkfedilinkEnglisharrow-up8·3 months agoRegular updates are definitely necessary too. Also, if you do limit SSH users to a chroot make sure you limit TCP (port) forwarding too.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up3·3 months agoContainers can help lock services down if you do it right.
Setup Fail2ban
Login only with SSH keys. MFA on SSH login. Use SSH proto 2.
Disable passwords, x11 forwarding, root logins
Reduce Idle timeout interval
Limit users’ SSH access
That should be more than enough for the average use case.
Regular updates are definitely necessary too. Also, if you do limit SSH users to a chroot make sure you limit TCP (port) forwarding too.
Containers can help lock services down if you do it right.