tpyo kingg wrote: Mon Sep 02, 2019 7:08 am
> As far as I can tell, in regards to running OpenSSH on the Raspberry Pi, the single best mitigation tactic is to use SSH key-based or SSH-certificate based logins with password authentication disabled. Most bots seem to be able to determine this and back off on first contact, regardless of which port SSH is listening on.

That is probably the safest option.
One other that I have used when I have occasionally had to log in from a device that I hadn't used before is One Time Passwords. There is a package in Debian/Raspbian that will let you set up a series of random passwords that can only be used once.
You run a command on the system to be accessed and that gives you a list of ten or so numbered passwords that are valid. There is also a keyword that you set up in advance.
Then when you log in you get a password prompt that is something like (sorry, a while since I used this and can't remember exactly)
which means you have to enter the keyword followed by the 12th password on the list.
If the keyword and password are correct you get logged in and that password is deleted. If not correct it gets left as it is.
I used to use this when I logged in from my phone which didn't support shared keys at the time.
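The one-time password list described in the post above, as an added sketch that is not part of the original post and is not the code of the Debian/Raspbian package: the server keeps only salted hashes of keyword + password, challenges for one numbered entry, and removes that entry after a correct login. The function names, the keyword "tulip", the password format and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # assumed work factor for this sketch


def _digest(salt: bytes, response: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", response.encode(), salt, ITERATIONS)


def generate(keyword: str, count: int = 10):
    """Return (printed, store): the numbered list the user carries, and the
    server-side table holding only salted hashes of keyword + password."""
    printed, store = {}, {}
    for number in range(1, count + 1):
        password = secrets.token_hex(4)  # constructed 8-character password
        salt = secrets.token_bytes(16)
        printed[number] = password
        store[number] = (salt, _digest(salt, keyword + password))
    return printed, store


def challenge(store) -> int:
    """Pick which remaining password number the login prompt asks for."""
    if not store:
        raise RuntimeError("no one-time passwords left; generate a new list")
    return secrets.choice(sorted(store))


def verify(store, number: int, response: str) -> bool:
    """Check keyword + password for the challenged number; consume on success."""
    entry = store.get(number)
    if entry is None:  # already used or never issued
        return False
    salt, expected = entry
    if not hmac.compare_digest(_digest(salt, response), expected):
        return False  # wrong answer: the entry is left as it is
    del store[number]  # correct answer: this password cannot be replayed
    return True


if __name__ == "__main__":
    printed, store = generate("tulip")  # "tulip" is a constructed keyword
    n = challenge(store)
    print("login with password", n, "->", verify(store, n, "tulip" + printed[n]))
    print("replay of password", n, "->", verify(store, n, "tulip" + printed[n]))
```

Because the server hashes the whole typed response, a password captured without the keyword (for example from a lost printout) does not log in on its own.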