Our great sponsors
-
blocklist
This package contains a library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy. (by zoulasc)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Possibly the best tool in this space is blacklistd / blocklistd, which just exposes some reporting APIs and hooks them directly in sshd, rather than trying to parse failed logins out of logs. That said, meh.
https://github.com/zoulasc/blocklist
while it is not the best, you can try my working sane default for sshd_config and sshd_config.
Each settings in the config files have annotations and details and some have additional links detailing why.
Even has a bash script to let you create these config files (defaults to a subdirectory, not into /etc/ssh)
https://github.com/egberts/easy-admin/tree/b74765baa450593be...