SSH security

Feel free to use SSH but protect your PC against hackers.

My PC can always be reached from the outside via SSH. This is necessary, among other things, for the Dropbox-not-needed-anymore function.

I did change the SSH port by opening a port other than 22 on the router and then forwarding it to port 22 on the home PC:

Prevent logging in as root
In addition, I prevent them from logging in with the username root. You can only log in if you know my personal username and password. The password is absurdly complex and long. You can't type it in because it would take you an hour (I use Espanso when I have to type it at home). Edit the SSH config:

sudo nano /etc/ssh/sshd_config

And make sure in that file PermitRootLogin no is on (remove the #-u). By default in Linux Mint, that line was commented out with #.

Set AllowUsers
Add the AllowUsers entry to the sshd_config file with your username:

AllowUsers=pietje

This way they cannot log in as another (system or normal) user.