Started off by
- Enabling unattended updates
- Enable only ssh login with key
- Create user with sudo privileges
- Disable root login
- Enable ufw with necessary ports
- Disable ping
- Change ssh default port 21 to something else.
Got the ideas from NetworkChuck.
Did this on the Proxmox host as well as all VMs.
Any suggestions?
1 point
Unattended updates are a recipe for trouble. I’d never enable that.
I have no public services apart from 2 OpenVPN servers. To access everything else I connect to one of the OpenVPNs and use the services through the VPN routings.
The VPN can only be accessed if you possess a cert and key. I could even implement 2FA, but for now SSL auth works securely enough.
1 point
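
An added example (not part of the thread): one way to confirm that the SSH items in the checklist at the top actually took effect, by auditing the effective configuration in the format printed by `sshd -T`. The function name `audit_sshd` and both sample inputs are constructed for illustration, and port 22 is treated as sshd's default.

```shell
# Added example: audit effective sshd settings (format of `sshd -T`:
# lowercase "keyword value" lines) for the SSH items in the checklist.

audit_sshd() {
    # Reads config lines on stdin, prints one FAIL line per finding,
    # and returns 0 if clean, 1 if anything was flagged.
    awk '
        function want(key, expected,    got) {
            got = (key in val) ? val[key] : "unset"
            if (got != expected) {
                printf "FAIL %s=%s (want %s)\n", key, got, expected
                bad = 1
            }
        }
        function forbid_yes(key) {
            # Only flag when present: the keyword name differs across OpenSSH versions.
            if ((key in val) && val[key] == "yes") {
                printf "FAIL %s=yes (password prompts still reachable via PAM)\n", key
                bad = 1
            }
        }
        NF >= 2 { val[$1] = $2 }
        $1 == "port" { ports[$2] = 1 }      # sshd can listen on several ports
        END {
            want("pubkeyauthentication", "yes")
            want("passwordauthentication", "no")
            want("permitrootlogin", "no")
            forbid_yes("kbdinteractiveauthentication")
            forbid_yes("challengeresponseauthentication")
            if ("22" in ports) { print "FAIL port=22 (sshd default port still open)"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_WEAK='port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes'
SAMPLE_HARDENED='port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# On a real host the input would come from: sudo sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "weak sample: findings above"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd && echo "hardened sample: clean"
```

Auditing the output of `sshd -T` rather than reading `sshd_config` directly also catches overrides from drop-in files and compiled-in defaults.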