@vkc One of the first things I do when I deploy a new VPS is to change the port OpenSSH listens on, apply a pre-defined firewall rule, install and set up a WireGuard tunnel, then block SSH at the firewall.
@vkc I've been pretty happy with DigitalOcean and Hetzner Cloud defaults for Debian and Ubuntu images. I haven't checked out Akamai/Linode, but should give them a try sometime. I also really like that Hetzner Cloud has ARM instances available, but they are currently available only in the EU. I wish there were other options outside of AWS, Azure, Google Compute and Oracle that had ARM instances.

@qlp Yeah, VPS solutions with ARM is something I've had my eye on too. It'd be convenient for testing things which I might want to deploy later on (at least it used to in my life of sysadmining).

@vkc If you don't mind the higher latency of hopping across the pond, Hetzner Cloud ARM instances start at about $3.60/month (US is exempted from VAT, but local sales tax may be calculated), which isn't too bad with 2 ARM cores, 4 GB of RAM and 40 GB of storage. It's definitely cheaper than the big cloud providers here and less clunky to deal with compared to Oracle Cloud.

@qlp @vkc Linode is pretty good on that front. They let you install an SSH key during creation of your VPS and they offer a free firewall feature that lives outside your VM and can block ports before it's ever been booted and configured. So I have SSH blocked there from the start and then use Tailscale for SSH access to my servers, set to keys only. If the baddies can get through that and then pull off an exploit, well, good job.
@qlp awesome! Some VPS providers do really cool things with firewalls and virtual networking. Combining that with pre-defined SSH keys for initial setup and a lot of SSH security steps becomes simply a few clicks!