SomeBoyo@feddit.de to Selfhosted@lemmy.world · 3 months agoWhat are common practice's for hardening/securing your server?message-squaremessage-square48fedilinkarrow-up143arrow-down10
arrow-up143arrow-down1message-squareWhat are common practice's for hardening/securing your server?SomeBoyo@feddit.de to Selfhosted@lemmy.world · 3 months agomessage-square48fedilink
minus-squarePoutinetown@lemmy.calinkfedilinkEnglisharrow-up0·3 months agoSsh behind a wire guard VPN server is technically more secure if you don’t have a key-only login, but a pain if the container goes down or if you need to access the server without access to wireguards VPN client on your device.
minus-squareLem453@lemmy.calinkfedilinkEnglisharrow-up1·edit-23 months agoHighly recommend getting a router that can accept wireguard connections. If the router goes down you’re not accessing anything anyways. Then always put ssh behind the wireguard connections. For a homelab, there is rarely a need to expose ssh directly so best practice will always be to have multi layered security when possible.
Ssh behind a wire guard VPN server is technically more secure if you don’t have a key-only login, but a pain if the container goes down or if you need to access the server without access to wireguards VPN client on your device.
Highly recommend getting a router that can accept wireguard connections. If the router goes down you’re not accessing anything anyways.
Then always put ssh behind the wireguard connections.
For a homelab, there is rarely a need to expose ssh directly so best practice will always be to have multi layered security when possible.