Exactly.
And if you have any sense, you disable password authentication in ssh.
> if you have any sense, you disable password authentication in ssh
Yes, of course. Those are standard practice... for those who "care" and have any "sense".
You would be appalled at how many admins DO NOT do/have either of those things.
This machine is set up to always use TLS wherever possible. I use https: whenever possible.
Have plugin to disable Java scripts unless I allow them. Only have a few that are default allowed.
It has helped. It does cause some issues when logging onto sites with a dozen scripts running. I hate them. Normally avoid the sites.
It certainly made what I show to the web much much smaller.