What to hide from user?

So I am prepping an SFTP via VPN (WireGuard) for a user on a single isolated port (no root access).

So far I hid /etc/group, passwd, shadow, then network and wireless files in /etc/config.

What else should I hide to protect VPN encryption and SFTP encryption in case of a breach?

Do you want to allow an untrusted user to connect to your VPN and use SFTP?
Perhaps you need something else since the current goal is obscure.

No, I will be using it personally, but I want to minimize damage in case of a breach. I have set up a cloud app on SFTP. Works perfectly. But I am quite scared about breaches.


You should probably study the relevant wiki articles:
https://openwrt.org/docs/guide-user/security/start

Specifically those related to security hardening and privilege limitation.

So far all I miss is the key auth. The rest is already done. No one can change files but also not read my VPN details (as it is paid) or my password for root access or the username of root. I think it is okay then. I would, though, need advice on the firewall thing on the other thread from you :)
