• Kysol
    +2

    I too set up machines with an alternative port + keys instead of passwords. As you said it isn't a solution, but a bandaid.

    What I've also done in the past with some services was to firewall off the port, have a web interface where you logged in on. The login would record your IP in a separate log file, and a script would scrape that log adding the firewall rule to allow that IP address with a TTL. You then set it so that it keeps any existing connections upon firewall reset and after say 5 minutes the port is closed down to all IP's again.