To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • @False
    link
    English
    20
    edit-2
    1 year ago

    You’re making it that much easier for someone to brute force logging in or to exploit a known vulnerability. If you have a separate root password (which you should) an attacker needs to get through two passwords to do anything privileged.

    This has been considered an accepted best practice for 20+ years and there’s little reason not to do it anyways. You shouldn’t be running things as root directly regardless.

    • @[email protected]
      link
      fedilink
      English
      -41 year ago

      When you have secure passwords kr key auth. Brute force is not a problem. What vulnerability are you talking about? Complete auth bypass? Then the username would be no problem either since you can just brute force usernames.

      • @False
        link
        English
        21 year ago

        Heartbleed was a thing that happened.