To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • @SheeEttin
    link
    English
    81 year ago

    I would only expose a VPN and use that to access the other services.

    • lemmyvore
      link
      fedilink
      English
      81 year ago

      Why? There’s no downside to ssh, if anything it’s easier to set up.

      • @[email protected]
        link
        fedilink
        English
        3
        edit-2
        1 year ago

        A VPN would give you access to a network, but not necessarily the devices on that network. It adds another layer of security as the user not only has to have SSH credentials/keys, but they also have to have the same for the VPN. SSH and VPNs would really be used in conjunction with each other.

        It’s onion security.

      • @SheeEttin
        link
        English
        11 year ago

        If you only want to provide ssh access to one host, sure. If you want to provide other services, on multiple hosts, then you’re either making it a jump box or a proxy, while a VPN would provide direct access (or at least as defined in the firewall and routing rules).