Why custom? There’s 6.17 in trixie-backports.

What is n8n?

I mean not much difference in hardware support.

Ubuntu is the wrong choice for any server.

In general, I agree. But I don’t want do participate in holy wars.

Don’t expect much difference between Debian and Ubuntu. I guess you just need to install a newer kernel package from backports.

I’ve read the article you pointed to. What is written there and what you wrote here are absolutely different things. Docker does integrate with firewalld and creates a zone. Have you tried configuring filters for that zone? Ufw is just too dumb because it is suited for workstations that do not forward packets at all, so it cannot be integrated with docker by design.

What does dpkg --print-foreign-architectures say?

What are passwordless solutions in Windows for remote access, disk/filesystem encryption, keyrings?

BTW in all that cases a password can be replaced with a hardware token, for instance. It is just the simplest, most widely used and one of the less secure options.

There’s nothing special, it can be replaced with any TOTP/HOTP implementation. In particular, oathtool is supplied in most distros (it has only command line interface, probably there are also some GUI tools in your repos). However it does not support JSON key format that is provided as QR code for mobile 2FA apps. You have to copy and paste values from it manually.

However this will likely violate your employer’s security policy. The point of 2FA is that secret key is stored on a separate device, so that it cannot be stealed together with your password.

I recommend to try other Android apps on your phone. I use FreeOTP+ and have no problems with font readability. Some of my collegues use AndOTP and like it.