@qlp @vkc Linode is pretty good on that front. They let you install an SSH key during creation of your VPS and they offer a free firewall feature that lives outside your VM and can block ports before it’s ever been booted and configured.
So I have SSH blocked there from the start and then use Tailscale for SSH access to my servers, set to keys only. If the baddies can get through that and then pull off an exploit, well, good job. 😄
@dmnelson @vkc Yep, that's how DigitalOcean and Hetzner work as well. It's nice to have multiple lines of defense, be it at the virtual network level before it hits your droplet network stack and more fine-grained control afterwards.