If I need SSH access from outside of my LAN I usually port forward a different port to 22.
Another good idea is to run fail2ban on the Pi
(later worked out that if you enter an SSID passphrase that keychain saves this over the username
haven’t found this when setting up an ASUS router. Keychain stores the Wi-Fi password in an appropriate keychain item. It stores the admin credentials in a website keychain item related to the router’s IP address and its URL.
though is the problem you describe that you’re in the admin site for the router and then setting the SSID password? I can see that would overwrite your URL/IP-related password. Next time just say ‘no, do not save this password’ and your login credentials will be preserved.
yes exactly that - easy enough to say 'no' when you realise what it's going to save!
I assume you would have similar worries unless you have a VM set up for testing such things?
Why would you need a port open anyway - isn't/wasn't all the data flowing out of your network?
I used to use a different image for a different service and they were doing something that had data flowing in. When I rebuilt, I used my notes which included that old port.
