Securing SSH port of Cloudron
-
Hi there,
I would like to ask the experts here regarding securing the SSH port of my Cloudron.
According to https://cloudron.io/documentation/security/ I changed the SSH port from 22-->202 and I installed SSHguard instead of fail2ban. So I would like to ask if this seems to be enough for a basic security line for the SSH access, or if I should do more, like installing fail2ban additionally or doing something else.
Thanks in advance for some hints.
-
@why42 Go back to 22, reinstall fail2ban, then secure the port by using Private key authentication.
I suppose you can keep sshguard, but still configure for private key auth.
Also, using a port so close to 22 like 202 will do nothing to people scanning your ports in ranges (i.e. 1 - 2000, which will find that port anyway). So just leave it on 22 and only allow logins with private keys (this will prevent brute forcing, and private keys will take millions of years to decipher with a VERY good password-protected key).
-
@why42 The most important thing is to make sure you are using ssh key authentication and not password based auth. Moving to port 202 is helpful because there are way too many bots out there which just spam port 22. Personally, all my servers are on port 202 because the logs get flooded with bots non-stop.
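-
Both replies agree on key authentication with password logins switched off, and that can be checked against a server's `sshd_config`. The following is an added example, not part of the original thread or of Cloudron: a small Python auditor whose function names and sample configs are constructed for illustration. It assumes a single file and ignores `Include` files and the contents of `Match` blocks.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value per keyword wins."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # everything after Match is conditional, not global
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"  # deprecated alias
        if key == "port":
            ports.append(value)  # Port may be listed more than once
        else:
            seen.setdefault(key, value.lower())
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(config_text):
    """Return (ports, findings) for the settings discussed in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off: key login unavailable")
    for kw in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[kw] != "no":
            findings.append(f"{kw} is on: password guessing remains possible")
    return s["port"], findings

# Constructed samples, not taken from any real server.
PORT_ONLY = "Port 202\nPubkeyAuthentication yes\n"
KEY_ONLY = PORT_ONLY + "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
SHADOWED = "PasswordAuthentication yes\n" + KEY_ONLY  # the earlier 'yes' wins

if __name__ == "__main__":
    for name, text in [("port only", PORT_ONLY), ("key only", KEY_ONLY), ("shadowed", SHADOWED)]:
        print(name, audit(text))
```

Moving the port alone leaves both password findings in place, and the shadowed sample shows a later `PasswordAuthentication no` being ignored. On a live host, `sshd -T` prints the effective configuration including `Include` files.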