| 26 Feb 2025 |
 dgrig | All the things you mentioned help however. I personally change the ssh port, enable fail2ban and for a lot of hosts don't have ssh enabled over the internet since wireguard works good enough for me. Other people I know enable ssh only over tor hidden services, but I don't trust tor starting fast enough after a restart /shrug | 20:27:01 |
 magic_rb | I only allow ssh over wireguard period | 20:28:33 |
| dgrig | (waiting for a new circuit after a restart can be a bit annoying if you're trying to ssh right after a restart in my opinion) | 20:28:36 |
 Scrumplex | Another way to reduce ssh bot noise is to limit sshd to listen on IPv6 only | 20:50:50 |
 Fernando Rodrigues | In reply to @magic_rb:matrix.redalder.org
I only allow ssh over wireguard period ssh over wireguard is so nice | 21:36:06 |
 hexa | yeah, much nicer than just using ssh over internet | 21:38:07 |
| hexa | * yeah, much nicer than just using ssh over internet \s | 21:38:09 |
| hexa | to be clear, I have a wireguard/babel mesh, so I can ssh over a routed connection of private addresses | 21:38:39 |
| Fernando Rodrigues | In reply to @hexa:lossy.network
yeah, much nicer than just using ssh over internet \s i mean, unironically yes. | 21:38:43 |
| hexa | but now imagine a git host | 21:38:49 |
| Fernando Rodrigues | I don't see the issue? | 21:39:11 |
| hexa | git+ssh | 21:39:19 |
| hexa | * git+ssh:// | 21:39:30 |
| Fernando Rodrigues | Sure, just change the IP from whatever it was before to the wireguard address. | 21:39:43 |
| Fernando Rodrigues | ditto with a domain | 21:39:50 |
