SomeBoyoWhat are common practice's for hardening/securing your server?
Don’t expose anything you don’t absolutely have to. If you can, put everything behind a VPN gateway.
Will a wireguard docker image work for getting ssh access to my server?
taazI wouldn’t recommend putting ssh behind any vpn connection unles you have a secondary access to the machine (for example virtual tty terminal from your provider or local network ssh).
I usually move the ssh port to some higher number just to get rid of the basic scanners/skiddies.
Also disable password login (only keys) and no root login.
And for extra hardening, explicitly allow ssh for only users that need it (in sshd config).
Ssh behind a wire guard VPN server is technically more secure if you don’t have a key-only login, but a pain if the container goes down or if you need to access the server without access to wireguards VPN client on your device.
Highly recommend getting a router that can accept wireguard connections. If the router goes down you’re not accessing anything anyways.
Then always put ssh behind the wireguard connections.
Yeah it’s good to have a system separate from the main server. It’s always so frustrating having to debug wireguard issues cause there’s some problem with docker
Do the secure thing and only access your Linux shell over Discord!
/s