SomeBoyoWhat are common practice's for hardening/securing your server?
Don’t expose anything you don’t absolutely have to. If you can, put everything behind a VPN gateway.
Will a wireguard docker image work for getting ssh access to my server?
taazI wouldn’t recommend putting ssh behind any vpn connection unles you have a secondary access to the machine (for example virtual tty terminal from your provider or local network ssh).
I usually move the ssh port to some higher number just to get rid of the basic scanners/skiddies.
Also disable password login (only keys) and no root login.
And for extra hardening, explicitly allow ssh for only users that need it (in sshd config).
Ssh behind a wire guard VPN server is technically more secure if you don’t have a key-only login, but a pain if the container goes down or if you need to access the server without access to wireguards VPN client on your device.
Highly recommend getting a router that can accept wireguard connections. If the router goes down you’re not accessing anything anyways.
Then always put ssh behind the wireguard connections.
Yeah it’s good to have a system separate from the main server. It’s always so frustrating having to debug wireguard issues cause there’s some problem with docker