CentOS 6 | OpenSSH
I have an external facing server and would like the convenience of being able to access it via my phone. The system itself is an island and has no association/connection to my internal network at all.
I presently have SSHD configured to listen on a different port and only allow connectivity if:
- SSH traffic is coming from specific remote IPs
- SSH clients are using authorized 2048-bit RSA keys.
I'd like to take off the source IP requirement to make access more convenient from mobile devices but my concern is that I'd be opening myself up for a world of hurt later.
Would it help to leverage something like fail2ban to block repeat offenders?
My question is:
IF I keep my SSH server up-to-date, and IF I keep my private key secret/secure, how much confidence can I have that a system requiring SSH authorized keys won't be easily compromised?
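The two controls the question is weighing (key-only sshd settings, and blocking repeat offenders the way fail2ban does) can be checked mechanically. The script below is an added example and not part of the original question: `sshd_value` resolves the effective global value of a directive the way sshd does (first occurrence wins, `Match` blocks excluded, unset directives fall back to the OpenSSH default passed in), `audit_sshd_config` verifies that password and challenge-response logins are off and root login is restricted, and `repeat_offenders` counts pre-auth failures per source address from `/var/log/secure`-style lines, which is the pattern a fail2ban sshd jail keys on. The config files and log lines are constructed sample data; the default values assumed (`PasswordAuthentication yes`, `ChallengeResponseAuthentication yes`, `PermitRootLogin yes`) are those of OpenSSH releases from the CentOS 6 era.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an sshd_config for key-only
# authentication and counts repeated pre-auth failures per source IP.
# All file names and log lines below are constructed sample data.

# Effective value of a global sshd directive. sshd honours the FIRST occurrence;
# lines inside a Match block apply only to matched sessions and are skipped.
# An unset directive falls back to the OpenSSH default given as $3 (assumed).
sshd_value() {
    # $1 config file, $2 directive name (case-insensitive), $3 default
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        tolower($1) == "match" { inmatch = 1 }          # rest of file is Match blocks
        inmatch { next }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Checks the global settings that make sshd key-only. Prints each finding and
# returns 0 only when every check passes. Match blocks still need manual review.
audit_sshd_config() {
    cfg=$1; rc=0
    pw=$(sshd_value "$cfg" PasswordAuthentication yes)
    cr=$(sshd_value "$cfg" ChallengeResponseAuthentication yes)
    pk=$(sshd_value "$cfg" PubkeyAuthentication yes)
    root=$(sshd_value "$cfg" PermitRootLogin yes)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw (want no)"; rc=1; }
    [ "$cr" = no ]  || { echo "FAIL ChallengeResponseAuthentication=$cr (want no)"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk (want yes)"; rc=1; }
    case $root in
        no|without-password|prohibit-password) ;;
        *) echo "FAIL PermitRootLogin=$root (want no or without-password)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $cfg: key-only authentication enforced globally"
    return "$rc"
}

# Counts failed pre-auth attempts per source IP in /var/log/secure format and
# prints "ip count" for every address at or above the threshold.
repeat_offenders() {
    # $1 log file, $2 threshold
    awk -v t="$2" '
        /sshd\[[0-9]+\]: (Invalid user|Failed password for)/ &&
        match($0, /from [0-9.]+/) { n[substr($0, RSTART + 5, RLENGTH - 5)]++ }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' "$1"
}

SSHD_AUDIT_DIR=$(mktemp -d)

# Constructed: a config matching the post (non-default port, keys only).
cat > "$SSHD_AUDIT_DIR/hardened.conf" <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Match User backup
    AllowTcpForwarding no
EOF

# Constructed: the commented-out line is NOT a setting, so the default (yes) applies.
cat > "$SSHD_AUDIT_DIR/weak.conf" <<'EOF'
Port 2222
#PasswordAuthentication no
PubkeyAuthentication yes
EOF

# Constructed log excerpt: one scanning source, one legitimate key login.
cat > "$SSHD_AUDIT_DIR/secure.log" <<'EOF'
Mar  3 10:01:12 island sshd[4021]: Invalid user admin from 198.51.100.7
Mar  3 10:01:14 island sshd[4021]: Connection closed by 198.51.100.7 [preauth]
Mar  3 10:01:20 island sshd[4025]: Invalid user oracle from 198.51.100.7
Mar  3 10:02:02 island sshd[4031]: Accepted publickey for alice from 203.0.113.5 port 51022 ssh2
Mar  3 10:02:40 island sshd[4040]: Failed password for invalid user test from 198.51.100.7 port 40112 ssh2
Mar  3 10:03:01 island sshd[4044]: Invalid user guest from 192.0.2.9
EOF

audit_sshd_config "$SSHD_AUDIT_DIR/hardened.conf"
if ! audit_sshd_config "$SSHD_AUDIT_DIR/weak.conf"; then
    echo "weak.conf would still accept passwords"
fi
echo "sources with 3 or more failures:"
repeat_offenders "$SSHD_AUDIT_DIR/secure.log" 3
```

Run it against `/etc/ssh/sshd_config` and `/var/log/secure` in place of the constructed files to see what your own host would report; the weak sample shows the common mistake of leaving the stock commented line in place and assuming passwords are off. With keys enforced, the log counter mostly records noise rather than risk, which is the practical argument for fail2ban: it trims log volume and CPU spent on failed handshakes rather than closing a hole that key-only authentication has already closed.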