endlessh VS mistborn

You can reduce the noise a lot by moving ssh to a non standard port. Security through obscurity isn't actually security, but it will reduce the number of attempts you receive. Another thing I like to do is put Endlessh on the standard port 22. That way as bots go by they will get stuck or at least slow down on that connection.

SSH tarpit with Endlessh and for the hidden SSH: auth with both a key files (that need unlocking and is on the computer) AND an One Time Password on my phone.

If you change the ssh port, install https://github.com/skeeto/endlessh to slow down the attackers

Even this requires you to successfully guess the username and password correctly, and if it's just not the default most people won't bother brute forcing further. Sidenote: you can use endlessh on a computer and port forward port 22 to trap scanners that scan the entire internet for open ssh ports to exploit.

The fun way is moving your ssh port somewhere else and installing endlessh to f the bots.

Such as endlessh

But, as a prank to Chinese hackers, what I did on my system was to run endless ssh. It keeps the ssh client busy as it slowly sends the ssh banner. I modified the code to send strings like:

For hardening: I use lynis for some guidance, the VPS runs rkhunter, AIDE and other things nightly and mails me the reports, fail2ban manages the SSH port, having SSH on a custom port helps to keep things quiet. If you're into these kind of things, have a look at the Endlessh tarpit to learn about login attempts on port 22 on your machine - I found it eye-opening.

Guys, anyone has experience with Mistborn ?

There is a github project that rolls a Nextcloud instance and Jellyfin together in a docker install. It also rolls a bunch more stuff as well. https://gitlab.com/cyber5k/mistborn

try mistborn: https://gitlab.com/cyber5k/mistborn

https://gitlab.com/cyber5k/mistborn has wireguard and valtwarden built-in

So there is one other option you can run with - mistborn. Now, fair warning - if you want to run this on a pi....flash at least 100GB of storage space on a microssd and then for the OS I recommend a Ubuntu flavor of your choice. Ideally the latest one he has listed as successful on his table of distros that he successfully installed it on.

I find the fundamental problem with this sort of server setup script/config management is that they inevitably get quite personal. Nobody really wants to use another devs and when you try to allow for a lot of customisation they tend get byzantine and complex.

That said I still think it's worth sharing. If nothing else we can all usually cherry pick nice ideas from each other.

I had an entirely private set of Ansible roles I'd cobbled together that I started to put in a more shareable state a couple of years ago. It has little overlap with what you're putting together, but I do think you might find the way it separates personal Ansible config and the main project roles into separate directories (and thus different git repos) useful.

I really need to dust off my project and get it to a releasable state this year [momod](https://github.com/adrinux/momod).

I assume you've come across the many similar projects like [Sovereign](https://github.com/sovereign/sovereign), [Mistborn](https://gitlab.com/cyber5k/mistborn)

https://gitlab.com/cyber5k/mistborn on my endpoint but route my traffic thru another another WG server first thus creating a multihop VPN in the interests of security

I've been using selfhosted Nextcloud with OnlyOffice for years. I've yet to encounter something it can't handle. In fact I opened up my setup at the beginning of the pandemic so others could host their own: https://gitlab.com/cyber5k/mistborn