[Nottingham] Dealing with a router that does not support Port Forwarding

[Jason Irwin]

On 08/05/15 17:44, Jason Irwin wrote:
> Now just to decide how to secure the thing.
> Add fail-to-ban...
> Maybe even VM...

As I already have fail2ban running on a VM, simple enough job to set
that up as the gateway.
I plan to make sshd only accept certs*, limit access to a couple of
users, rate-limit login attempts in ufw/iptables and expose it on a
non-standard port.

Any other low-hanging fruit I should consider?

* Annoyingly the JuiceSSH Android app cert doesn't appear to work
despite being in "authorized_keys". Grr....

-- 
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║             ║ Import from hkp://pgp.mit.edu            ║
╚═════════════╩══════════════════════════════════════════╝