doorsopen·w zeszłym roku·discussPort knocking is so 2014. Single Packet auth for publicly exposed hidden services is great: https://github.com/mrash/fwknop
doorsopen·w zeszłym roku·discussAs someone who works with SREs every day, this breaks my heart.1 - Don't be on-call while going to ski2 - fail2ban and other automated systems can do this for you3 - Passwords suck and are typically not regularly rotated unless you're using some centralized IdPIf you're in this situation you have already failed. If you use password auth use 2FA as well, and then I don't cry, it's just toil though.