this post was submitted on 28 Nov 2023
3 points (100.0% liked)

Self-Hosted Main

511 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago (2 children)

Port forwarding will work, but it has major downsides

  1. Will draw attention of bots
  2. Secure as long as there are no security holes in openssh (which is rare but has happened)
  3. You _must_ harden the ssh server by disabling password auth, putting behind fail2ban

There are far better and safer alternatives that I would recommend over exposing a raw port to the world.

  1. Tailscale
  2. Wireguard/OpenVPN
[–] [email protected] 1 points 11 months ago

I would also add twingate as an alternative.

[–] [email protected] 1 points 11 months ago
  1. The bots are looking anyways.
  2. The other options being presented are various VPNs. OpenSSH has far more eyes on it, for much longer than any of the VPNs. Both generally run as root on the host and so have similar attack surfaces.
  3. Disabling password auth is less important than having good passwords, but is still a good idea since turning off passwords guarantees no bad passwords. Fail2ban provides no security.