DEV Community

Discussion on: I kill every VPS I touch

Thomas H Jones II

I've used some s****y passwords

Some other things for your list:

  • Get rid of passwords where possible — for remote SSH only allow key-based logins
  • Set good passwords on your keys
  • Keyring tools (pageant.exe, ssh-agent, gpg-agent, etc.) make it so that even with a ridiculously complex password, you only need to enter it once every few hours.
  • Set up 2FA - especially for accounts that have the ability to perform privileged tasks. There are a couple of good options out there for Linux and, thanks to PAM, they can be used to secure more than just remote logins' initial credential negotiation.
  • Especially if you're managing an Internet-facing system on which you have no ability to restrict SSH to a list of trusted hosts/IPs, set up your system to automatically black-hole password guessers — temporarily or permanently. This can be accomplished in iptables or by way of third-party tools.

I've locked myself out via iptables

Whenever you're considering adding new rules (you still use iptables, directly, rather than via firewalld?), only add them to the running configuration, not the on-disk configuration. If you lock yourself out, instead of having to rebuild (even if your VPS provider doesn't offer remote there may be alternatives to rebuilding), all you need to do is reboot to make the offending rule go away. Once you've validated that your new rule does what you need it to do, then save the config to disk.

You haven't lived until you've locked yourself out of a co-located physical system and had to make an hour-long drive to fix a bad firewall rule. It tends to pretty firmly instill habits.
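As an added illustration of the last two points (not code from the comment or from the original post), a small Python sketch that counts failed SSH password attempts per source address in auth.log-style lines and emits runtime-only iptables drop rules together with their matching undo commands; the exempt set is an assumed admin address, included so the script can never generate a rule that locks you out. The sample log lines are constructed.

```python
import re
from collections import Counter

# OpenSSH logs a failed password attempt like:
#   sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")


def failed_attempts(lines):
    """Count failed-password attempts per source IP across auth-log lines."""
    counts = Counter()
    for line in lines:
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def offenders(lines, threshold=5, exempt=frozenset()):
    """IPs at or above the threshold, minus any exempt admin addresses.

    The exempt set is the lock-out guard: never produce a rule that drops
    the address you are administering the box from (assumed value below).
    """
    counts = failed_attempts(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in exempt)


def block_commands(ips, chain="INPUT"):
    """Runtime-only iptables commands (nothing is written to disk, so a reboot
    clears them), plus the matching -D commands so each block can be undone."""
    rule = "-s {ip} -p tcp --dport 22 -j DROP"
    add = [f"iptables -I {chain} " + rule.format(ip=ip) for ip in ips]
    undo = [f"iptables -D {chain} " + rule.format(ip=ip) for ip in ips]
    return add, undo


# Constructed sample lines in auth.log format (documentation-range IPs, not real hosts).
SAMPLE_LOG = (
    [f"Mar  1 10:00:{i:02d} vps sshd[1000]: Failed password for invalid user admin from 203.0.113.7 port 5{i}000 ssh2" for i in range(6)]
    + ["Mar  1 10:01:00 vps sshd[1001]: Failed password for root from 198.51.100.9 port 40001 ssh2"] * 2
    + [f"Mar  1 10:02:{i:02d} vps sshd[1002]: Failed password for deploy from 192.0.2.5 port 4200{i} ssh2" for i in range(5)]
    + ["Mar  1 10:03:00 vps sshd[1003]: Accepted publickey for deploy from 192.0.2.5 port 42009 ssh2: ED25519 SHA256:constructed"]
)

if __name__ == "__main__":
    # 192.0.2.5 is the assumed admin address; it trips the threshold but is never blocked.
    add, undo = block_commands(offenders(SAMPLE_LOG, exempt={"192.0.2.5"}))
    print("\n".join(add + undo))
```

Run the printed -I lines by hand to apply the blocks to the running ruleset only; the -D lines (or a reboot) remove them, and you save to disk only once you have confirmed you can still log in.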