SSH Hardening Checklist for Public VPS
Every public-facing server gets port-scanned within minutes of going online. Default SSH settings are decent but not great. Here is the checklist I run through on every new VPS.

Disable password authentication

In /etc/ssh/sshd_config:

    PasswordAuthentication no
    PubkeyAuthentication yes
    ChallengeResponseAuthentication no
    KbdInteractiveAuthentication no

Restrict root login

    PermitRootLogin prohibit-password

This allows root login with a key but not a password, which is fine for automation. For stricter setups, use no and sudo from an unprivileged user.

...
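One way to check a config file against the settings listed above, as an added example that is not part of the original checklist. The function names and the sample config are constructed for illustration; the script assumes whitespace-separated "Keyword value" lines, does not follow Include files, and treats an unset keyword as a failure.

```shell
#!/bin/sh
# Added example, not from the original page. sshd uses the FIRST value it
# obtains for each keyword, so a later "correct" line does not override an earlier one.

# effective_value KEYWORD < config: first global value for KEYWORD, lowercased.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" { exit }                  # settings after Match are conditional
        key == want { print tolower($2); exit }  # first occurrence wins
    '
}

# audit_sshd_config FILE: one line per checklist setting; returns the failure count.
audit_sshd_config() {
    file=$1 failures=0
    for rule in \
        "PasswordAuthentication:no" \
        "PubkeyAuthentication:yes" \
        "ChallengeResponseAuthentication:no" \
        "KbdInteractiveAuthentication:no" \
        "PermitRootLogin:prohibit-password|no"
    do
        key=${rule%%:*} allowed=${rule#*:}
        got=$(effective_value "$key" < "$file")
        case "|$allowed|" in
            *"|${got:-UNSET}|"*) echo "ok    $key $got" ;;
            *) echo "FAIL  $key ${got:-UNSET} (want $allowed)"; failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

# Constructed sample: the second PasswordAuthentication line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
PasswordAuthentication no
Match User deploy
    PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```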