undefined | Better HN

0 pointst0mas884y ago0 comments

I do the same, but only 10 minutes after 5 failed logins. That's enough for bots while not really getting in your way if it accidentally blocks the hotel you're in.

Combined with only allowing key based login, password is disabled.

0 comments

_moof4y ago

I've recently added 2FA as well. Super easy to do.

alias_neo4y ago

I wrote a blog on how to do it a couple years back if anyone is interested in a "tutorial": https://2byt.es/post/totp/

It's for the Pi as that's the target audience but it should apply generally for OpenSSH.

There's also a sister post about improving your "first factor" for those still using passwords: https://2byt.es/post/totp2/

j / k navigate · click thread line to collapse