• PureTryOut
    link
    51 year ago

    Personally I made sure SSH is only accessible when connected through a VPN setup for that purpose. As in, that same machine hosts a Wireguard setup (through Tailscale) and you need to connect to that first before SSH is available. And then SSH also only accepts key-based authentication. I don’t think I need more than that?

      • PureTryOut
        link
        11 year ago

        I have a VPS that runs the main proxy which I can always access via a console on the website of the company I’m renting it from (Hetzner). The other machines run locally in my home so I can just plug in a cable if need be.

      • PureTryOut
        link
        11 year ago

        Sure but I rather not have the SSH port open to the world, it just makes it harder for attackers to get in this way. Besides I use the VPN for more things, some self-hosted services I don’t want accessible by the whole world.