I don't use ufw, I'm old and run raw iptables. But network perimeter here is the server perimeter, not the network (e.g. router). But I would apply the same logic to routers, only open ports you need.
MaxAuthTries in the deb man page has this: Specifies the maximum number of authentication attempts permitted per connection. That could be both password and key.
Just because you know how things work, doesn't mean everyone does. This is a good starting point for new homelabbers, as I see questions about security now and then.
I’m also old and use iptables at server level as well.
> But network perimeter here is the server perimeter, not the network (e.g. router).
Most ppl in my profession would not assume a host’s net controls as “network perimeter”, so I’m not sure what your context is there.
> Just because you know how things work, doesn't mean everyone does.
Yeah, fair. But by the same token, we still have to chime in when these terms are thrown around and offered to newer homelabbers. And there is a lot of free security “advice” in these subs from folks who have a weak understanding of any of it.
You use ufw at your network perimeter? This is really basic stuff and a fair bit misleading naive.
MaxAuthTries is negated by having no password auth, so no point in having the option.
These are not complete or even accurate.