Port knocking - Wikipedia
en.m.wikipedia.org

To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • dalz@fedi.alsd.eu
    1·
    1 year ago

    Why disallow root login? I always need root when I connect, and stealing the password by aliasing sudo/doas is trivial. It seems to me it would just make life harder for no benefit.

    • this_is_router@feddit.deEnglish
      3·
      1 year ago

      Because then:

      • you also need to know the correct username
      • audits and logging shows which user used sudo to gain root access
      • ShortN0te@lemmy.mlEnglish
        0·
        1 year ago
        • you also need to know the correct username

        Use a secure password or key. Security by obscurity is no security.

        • audits and logging shows which user used sudo to gain root access

        That is not the point that was made. Once access to sudo or root you already have lost.