For remote management, I just enable SSH, configure it to run on some non-standard port and enable Fail2ban... Make sure I use certificates or secure passwords and also check if fail2ban is actually doing its job. Never had any issues with that setup.
This is what I've done for years, but I sometimes feel like it's not a great solution from a security standpoint.
Though I have switched from fail2ban to Crowdsec, which did end up banning my own connection attempts when I forgot to whitelist myself, so that seems secure enough.
This is what I've done for years, but I sometimes feel like it's not a great solution from a security standpoint.
Though I have switched from fail2ban to Crowdsec, which did end up banning my own connection attempts when I forgot to whitelist myself, so that seems secure enough.