Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
It's really not that hard to find SSH servers running on a non-standard port.
nmap
or a similar port-scanning software package can find ports listening for TCP connections. There are software packages -- don't recall names off-the-cuff, but I'm sure that you could go dig one up -- that connect to ports and then aim to identify the protocol from a fingerprint out of a database that they have. The SSH protocol has a very readily-identifiable fingerprint, don't even need specialized software.Let me just bounce to a machine as an example:
That being said, I don't disagree with your broader point that I wouldn't personally bother with trying to add more layers on top of ssh, as long as you're keeping current on updates.
I feel like the argument for using a nonstandard ssh port these days is that you dodge the low tier automation/bots that are endlessly scanning IPs and port 22 and trying obvious usernames and passwords. I do also question how much it is worth dodging these since presumably you'd have already done the other basics like key only and no root login before this. Maybe there's some value if you want a clean auth.log or equivalent