Well if you are using strong passwords or no passwords from outside at all, but key auth only, i think you are pretty in the safe side. As i said, i have no ssh port open to the internet. Raising the ban time could only lead to banning myself. 😀
But for ports open to the outside, yes. I ppbly would do that too. Plus hardening the ssh config a bit
Can you give me ressources on how to configure f2b?
I usually leave the defaults, or maybe tweak the times a bit.
One could only enter my network thru vpn or nginx on 443 anyway, so I am not that worried
Enabling unattended updates -> Hell no. Regular Patchdays
Enable only ssh login with key -> yes
Create user with sudo privileges -> yes
Disable root login -> no
Enable ufw with necessary ports -> Basic iptables, but not on all hosts. But fail2ban
Disable ping -> nope
Change ssh default port 21 to something else. -> nope
Tbf I had a 200 Euro bill. For one year. If i invest say 1000 euros, for a low power setup, id be running it for at least 5 years for it to pay off.
I currently run a truenas on old consumer hardware and the rest I host is on sbcs.