Things to do:
- I'll be looking to run Moxie Marlinspike's knockknock daemon soon as that seems like a superior solution to port knocking and rate limiting. (big fan of his work on TextSecure and RedPhone!)
- Run OpenSSH as a hiddenservice. ÂThis seems obvious now but had not occurred to me.
- Look into Fail2Ban and DenyHosts and implement them.
Done and thank you for the reminders!
- Automated daily updates via emerge
- Server hardening done with hardened-gentoo
- Moved to key auth for ssh
Alan:
I'll keep you and the community updated if
soyoustart.com (OVH) has any problem with the exit. ÂBeyond forgetting to ban exits to 25 they have not said anything!
Thanks Alan, David and Robert!
Craig