theniwo

joined 1 year ago
[email protected] 2 points 11 months ago

Tbf I had a 200 euro bill. For one year. If I invest, say, 1000 euros for a low-power setup, I'd be running it for at least 5 years for it to pay off.

I currently run a TrueNAS on old consumer hardware and the rest I host is on SBCs.

[email protected] 1 points 11 months ago (1 children)

Well, if you are using strong passwords or no passwords from outside at all, but key auth only, I think you are pretty much on the safe side. As I said, I have no SSH port open to the internet. Raising the ban time could only lead to banning myself. 😀

But for ports open to the outside, yes. I probably would do that too. Plus hardening the SSH config a bit.

[email protected] 1 points 11 months ago (3 children)

Can you give me resources on how to configure f2b?

I usually leave the defaults, or maybe tweak the times a bit.

One could only enter my network through VPN or nginx on 443 anyway, so I am not that worried.

[email protected] 1 points 11 months ago (5 children)

Enabling unattended updates -> Hell no. Regular patch days
Enable only ssh login with key -> yes
Create user with sudo privileges -> yes
Disable root login -> no
Enable ufw with necessary ports -> Basic iptables, but not on all hosts. But fail2ban
Disable ping -> nope
Change ssh default port 21 to something else. -> nope