I share services with the public, so… strong passwords on everything, MFA, host scanning, SSH MAC/KEX/ciphers tweaked to ultra modern set and exposed only with keys with f2b activating on first failure, constant backups and automatic updates and scheduled reboots. Has worked great for a decade+.
I share services with the public, so… strong passwords on everything, MFA, host scanning, SSH MAC/KEX/ciphers tweaked to ultra modern set and exposed only with keys with f2b activating on first failure, constant backups and automatic updates and scheduled reboots. Has worked great for a decade+.