SomeBoyoApr 20, 2024

What are common practice's for hardening/securing your server?

https://feddit.de/post/11284137

Show threadfoggyApr 20, 2024

Setup Fail2ban

Login only with SSH keys. MFA on SSH login. Use SSH proto 2.

Disable passwords, x11 forwarding, root logins

Reduce Idle timeout interval

Limit users’ SSH access

That should be more than enough for the average use case.

Show threadMaggiWuerze
You can have 2FA on ssh?
Apr 22, 2024 at 6:26amWeb
Show threadfoggyApr 22, 2024

Yep. Use SSH keys, not just protocol.

On connection, it’ll ask for your SSH password (this is different from the users password).

After that with something like authelia in place, you’ll be asked for a 2fa code.

Show threadMaggiWuerzeApr 22, 2024
So, no. SSH can’t do 2FA? I would need to set up Authelia and connect through that? I already use ssh keys instead of passwords to connect to my server
Show threadlemmyreaderApr 22, 2024
It is possible to have 2FA with a security key and ssh. Been on my to do list for some time to try it.
Show threadfoggyApr 22, 2024

Yes it can. I literally have it set up right now.

When I connect to my vps I am promoted for the password for my SSH key. Only works on a machine that has the ssh key.

Then I need to use 2fa.

Show threadMaggiWuerzeApr 22, 2024
Ah, so it the asks for the TOTP provided by Authelia? I misunderstood, sorry. That’s pretty cool. Do you maybe still have the guide you used to set that up?