To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • 486@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Disableing the root login gains nothing in regarding security.

    This is usually not the reason people recommend disabling root login. Since root is an anonymous account not tied to an actual person, in a corporate setting, you do not really know who used that account if you allow root login. If this is relevant for a personal home network is for you to decide. I would say there is not such a strong argument for it to be made in that setting.

    • ShortN0te@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I absolutely agree with your. It can makes sence the disable it for access control, loging, auditing, etc. .

      But when you look online or just in the comment section here lots of ppl actually recommend it as a security meassure against attackers. “Need to brute force the username as well”