Before people get worried about this, this is how literally any online service works. If you have an account anywhere, you trusted that service to not record your password.
Only exception is OAuth, which actually might be a good idea for Lemmy.
As shitty as people can be, it’s never appropriate to respond to non-damaging inconvenience with vandalism. That’s you stooping even lower than their level.
Public key auth, and fail2ban on an extremely strict mode with scaling bantime works well enough for me to leave 22 open.
Fail2ban will ban people for even checking if the port is open.
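A fail2ban jail along the lines described in the two comments above, as an added example that is not the commenter's own configuration. The concrete values (1h base ban, 4-week cap, one allowed failure, the 192.0.2.10 management address) are assumptions chosen for illustration.

```ini
# /etc/fail2ban/jail.local  (added example; all values are assumptions)
#
# Pair this with key-only login in /etc/ssh/sshd_config:
#   PubkeyAuthentication yes
#   PasswordAuthentication no
#   KbdInteractiveAuthentication no

[DEFAULT]
# Never ban loopback or your own management address.
# 192.0.2.10 is a documentation placeholder; replace it.
ignoreip = 127.0.0.1/8 ::1 192.0.2.10

# Scaling ban time: every repeat offence from the same address
# gets a longer ban than the last, capped at bantime.maxtime.
bantime.increment = true
bantime.maxtime = 4w
# Count earlier bans from any jail, not only sshd.
bantime.overalljails = true

[sshd]
enabled = true
port = ssh
# "aggressive" combines the normal, ddos and extra filter rules,
# so connections dropped before authentication are matched too.
mode = aggressive
# A single matched log line inside findtime triggers a ban.
maxretry = 1
findtime = 1d
# Base ban for a first offence; the increment settings grow it.
bantime = 1h
```

With `maxretry = 1` a single mistyped key or username from an unlisted address locks that address out, so keep `ignoreip` current and check the jail with `fail2ban-client status sshd` after reloading.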