i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

  • mshorey81@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Most likely it’s fine. Though it’s not terribly difficult to set up some flavor of VPN so you’re not exposing 22 at all outside your network. Personally I use Wireguard.

      • mshorey81@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Of course. But it’s just another layer to the onion. Pfblockerng, Crowdsec, Fail2Ban, wireguard…layers.

        • mcr1974@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          but wouldn’t you have to pay a performance penalty running ssh on top of wireguard.

      • davis-andrew@alien.topB
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        The benefit of wireguard^ is it runs over udp and won’t respond unless a peer with the right key hits it. ie a port scan won’t reveal anything because there’s no tcp port open to handshake, and wireguard won’t respond to junk data coming in.

        ^ Most VPNs run over udp. But i’m not sure say OpenVPN will respond to random crap, it probably won’t but i don’t want to state categorically that it won’t.