Securing SSH port of Cloudron

why42

Hi there,
I would like to ask the experts here regarding securing the SSH port of my Cloudron.
According to https://cloudron.io/documentation/security/ I changed the SSH port from 22-->202 and I installed SSHguard instead of file2ban. So I would like to ask if this seems to be enough for a basic security line for the SSH access or if I should do more like installing file2ban additionally or do something else.
Thanks in advance for some hints.

murgero

@why42 Go back to 22, reinstall fail2ban, then secure the port by using Private key authentication.

I suppose you can keep sshguard, but still configure for private key auth.

Also, Using a port so close to 22 like 202 will do nothing to people scanning your ports in ranges (IE 1 - 2000 which will find that port anyway). So just leave it on 22 and only allow logins with Private keys (this will prevent brute forcing and private keys will take millions of years to decipher with a VERY good password protected key.)

girish

@why42 The most important thing is to make sure you are using ssh key authentication and not password based auth. Moving to port 202 is helpful because there are way too many bots out there which just spam port 22. Personally, all my servers are on port 202 because the logs get flooded with bots non-stop.

will

@girish I second this