2025-04-19, 07:23 PM
(2025-04-19, 11:53 AM) jimdogx Wrote:
Quote: If you expose port 22 for remote shell access, that is a different story. But you can take extra steps to protect yourself.
The primary way I protect ssh is by using PKI ONLY, no password logins via ssh. That significantly increases the difficulty of gaining access via brute force.
I'll add to this. Although very simple, if and when I do want to SSH remotely, I run SSH on a non-standard port. Back in the day, when I ran SSH on port 22, the amount of remote failed login attempts from bots in my log files was insane. Picking a random port helped a lot.
This. Very much this. I also run all of my services on non-standard ports. Except for the Matrix federation port. Back when I was young and dumb, I had MS RDP on its standard port exposed publicly. Thousands and thousands and thousands of failed login attempts. Lesson learned.
Just don't become lazy with your other security best practices because you think "security by obscurity" is enough.
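An added example, not part of the posts above: a small audit of an sshd_config text that reports whether password-style logins are still accepted, independent of which port sshd listens on. The function name, finding strings and sample configs are constructed for illustration; it assumes OpenSSH defaults and first-value-wins parsing as documented in sshd_config(5), does not follow Include files, and treats keyboard-interactive as password-style because with PAM it prompts for the account password.

```python
import re

# Defaults per sshd_config(5), applied when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use this deprecated name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_LIKE = ("passwordauthentication", "kbdinteractiveauthentication")


def audit_sshd_config(text):
    """Return findings for one sshd_config text (Include files are not followed)."""
    seen, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        words = parts[1].split() if len(parts) > 1 else []
        value = words[0].strip('"').lower() if words else ""
        if key == "match":
            in_match = True              # everything after this is conditional
        elif in_match:
            if key in PASSWORD_LIKE and value == "yes":
                findings.append(f"match block re-enables {key}")
        elif key == "port":
            ports.append(value)          # Port may appear more than once
        else:
            seen.setdefault(key, value)  # sshd keeps the first value it reads
    eff = {k: seen.get(k, default) for k, default in DEFAULTS.items()}
    for key in PASSWORD_LIKE:
        if eff[key] == "yes":
            findings.append(f"{key} is enabled")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    if "22" in (ports or ["22"]):
        findings.append("listening on default port 22")
    return findings


# Constructed sample configs, not taken from the thread.
PORT_MOVED_ONLY = "Port 2222\n"
KEYS_ONLY = """Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("port moved only", PORT_MOVED_ONLY), ("keys only", KEYS_ONLY)):
        print(name, "->", audit_sshd_config(cfg) or "no findings")
```

The config that only moves the port still yields two findings, which is the gap the last post warns about.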