You could have ssh only available through an authenticated hidden service... and if you are worried about not being able to get back into the vps then you could make ssh also available via knockknock: http://www.thoughtcrime.org/software/knockknock/
On Wed, Feb 5, 2014 at 11:45 AM, I beatthebastards@inbox.com wrote:
This is a good question. Perhaps 'hardening' a server could be addressed on the new web pages. It would seem to be important and pertinent for all who take the plunge and set up a relay on a virtual private server but who may not know more than that, to secure their servers.
I would be glad to be better informed but so far I have found:-
- use a substantial password or key authentication
- change the port you SSH in to
- don't allow logging in as root
- install DenyHosts and Fail2ban
Robert
Hi all,
I've been running a few fail relays over the past few years. All relays I run begin with the prefix "Telos". I've recently ... begun hosting "TelosTor" and "TelosTor2" from 192.99.8.96. I would welcome any comments on security. ... I would relish the TOR community's feedback in order to further secure my tor exit node.
Thanks! Craig
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
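
The SSH items from the checklist in the thread above (password or key authentication, a non-default port, no root login), as an added example that is not part of any poster's message: a small Python audit of sshd_config text. The sample configurations are constructed, and the defaults assumed for unset keywords are stated in the code.

```python
# Added example: audit sshd_config text against the thread's SSH checklist.
# Assumptions: one config file with no Include and no port in ListenAddress;
# unset keywords use the OpenSSH 7.0+ defaults below (older releases
# defaulted PermitRootLogin to "yes").
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def parse_global(text):
    """Return global keyword -> list of values, in file order."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        key = parts[0].lower()
        if key == "match":                # Match blocks are conditional
            break
        if len(parts) > 1:
            seen.setdefault(key, []).append(parts[1].strip('"').lower())
    return seen

def audit(text):
    """Return a list of findings; an empty list means the checklist passes."""
    cfg = parse_global(text)
    ports = cfg.get("port", [DEFAULTS["port"]])      # every Port line applies
    # For single-valued keywords sshd keeps the first value it reads.
    root = cfg.get("permitrootlogin", [DEFAULTS["permitrootlogin"]])[0]
    pw = cfg.get("passwordauthentication", [DEFAULTS["passwordauthentication"]])[0]
    findings = []
    if "22" in ports:
        findings.append("Port 22 is still in use")
    if root != "no":
        findings.append("PermitRootLogin is '%s', root login not fully disabled" % root)
    if pw != "no":
        findings.append("PasswordAuthentication is on: use a substantial "
                        "password or switch to key authentication")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = "# constructed sample\nPort 22\nPermitRootLogin yes\n"
HARDENED = ("# constructed sample\nPort 2222\nPermitRootLogin no\n"
            "PasswordAuthentication no\n"
            "Match User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "checklist passes")
```

DenyHosts and Fail2ban run as separate services, so this check does not cover them.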