• PureTryOut@lemmy.kde.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Personally I made sure SSH is only accessible when connected through a VPN setup for that purpose. As in, that same machine hosts a Wireguard setup (through Tailscale) and you need to connect to that first before SSH is available. And then SSH also only accepts key-based authentication. I don’t think I need more than that?

      • PureTryOut@lemmy.kde.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Sure but I rather not have the SSH port open to the world, it just makes it harder for attackers to get in this way. Besides I use the VPN for more things, some self-hosted services I don’t want accessible by the whole world.