Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
ilPinguino306478dSounds like a good idea to me, you wouldn't only defeat the average script kiddy but also stop their scanners from flooding your log with shit.
On the other hand, the VPN is only necessary if you need outside access to the SSH at all. Don't know if you do,but if not, just have your server listen to 192.168/16 and be done with it.
xalys129978dIt's not quite necessary (as long as you don't use the password 'Pw123') but it won't harm you and is to be recommended.
netikras567878dit's told to be the good practice to set up any maintenance access points behind vpn. However I don't bother setting up VPN for ssh :) I don't care of logs being flooded and I use at least 2k long keys for login rather than password. Haven't had any breaches yet
theKarlisK430578dIt's usually fine to just change to a other-than-default port for SSH and apply even the basic security hardening for it. A quick google with "SSH Hardening guide" will be enough to cover it with the first 1-3 results as the general practices usually are the same unless you have to set up really draconian security.
However, having a VPN in-place may provide other benefits ... like even if your IP at home suddenly changes or you suddenly move the PC to a completely different location, having it connected to a static, external VPN server as a client can ensure you that your targets in your proxy or other application/server configs won't have to change each time. Like always being able to access (as long as the internet connection or the home server hasn't gone down completely) the home server without setting up some finnicky Dynamic DNS which relies on some external service provider (nothing wrong if you already have something like this set up and working).
IntrusionCM32778dPlease. For the sake of god.
Don't use passwords.
Generate a safe PW protected key.
And then harden the SSH config.
Disallow any interactive login except from the internal network.
Disallow anything unneeded ...
SSH has a lot of options - if configured most of unsecure requests die in pre auth.
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job
Data-Bound6This is dedicated to all Webdevs, especially those WordPress fanboys. I was reflecting on some things since I...
gravvy10so,i made a website and uploaded it to my paid hosting...some pages were blank when accessed.did some testing ...
bearcatsandor1Waking up, feeling like I have a cold I sit down at my computer and see that my biggest client has asked for a...