this post was submitted on 28 Nov 2023
3 points (100.0% liked)

Self-Hosted Main

502 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
[email protected]
3
forwarding port 22 safe? (alien.top)
submitted 9 months ago by [email protected] to c/[email protected]
91 comments fedilink hide all child comments
 

i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 9 months ago

Should be safe enough to do this but I’ll throw in one potential caveat. Say that you one day somehow need to troubleshoot your ssh server and have to re-enable password authentication. Depending on how many other services you plan to run, it can be easy to suddenly forget you have port 22 exposed on the outside and someone could potentially break in if you use a weak password. This is why I personally host only necessary https content over port 443 to the world. I host anything else so only my wireguard vpn can access it. As for bots hitting port 22 on the outside can be another huge problem. Changing the port can disuade some but remember that the port number is only two bytes in size. A comprehensive port scan only takes a very short amount of time to complete. This, in my humble opinion, creates an extra point of access for you to remember for not that much to gain. That all being said, forwarding key protected ssh is safe enough to do.