this post was submitted on 23 Nov 2023
6 points (100.0% liked)
Homelab
380 readers
9 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That seems to go against the general consensus... Why is everyone/everything online telling me to either disable SSH entirely, or change the SSH port to something incredibly obscure (and even that's not safe)?
Because they're being silly. There is no other public facing service more secure than a relatively modern OpenSSH.
In some instances, yes, it's best to disable the ssh that comes with whatever NAS OS you're running, because they often ship old code and don't care about updates and security.
But if you're running a relatively up to date OpenSSH and you're using keys, not passwords, then you are as secure as you can reasonably be. There's no math suggesting otherwise. Moving to a different port will reduce the frequency of attack, but that will have zero impact on the possibility of intrusion.
Put it this way: if relatively recent OpenSSH has a remotely exploitable vulnerability, you'll see it on the news on TV. You'll see it and hear about it literally everywhere. The world will stop for 24 hours and there will be widespread panic. You'll know.
If your NAS has an exploit, you might read about it on The Register a few months later.
Well said!