Comment on How can I keep my forwarded port secure?
StrawberryPigtails@lemmy.sdf.org 2 months ago
The simplest way to do this, is to put the server on a private vpn (I use Tailscale, there are others) and expose ports only to the vpn. Then you share access to the vpn with your friends.
With Tailscale, this is as simple as sending them a share link for the host. They will need to have an account at Tailscale, and have the client running, but they will then be able to access the host with a static ip address.
As a general rule of thumb, nothing should be exposed to the public internet unless you want that service to be public access and then you need to keep it up to date. If a vulnerability doesn’t currently exist for the service, one will sooner rather than later. SSH, especially password only ssh, can be broken into fairly easily. If you must expose ssh to the public internet for whatever reason, you need to be using IP white lists, password protected keys, change the default port, and turn off service advertisements and ping responses. I’m probably missing something. When someone scans your server randomly, they should see nothing. And if they fail login they should be ip blocked.
atzanteol@sh.itjust.works 2 months ago
WTF are you smoking? The VPN propaganda is really getting crazy these days.
StrawberryPigtails@lemmy.sdf.org 2 months ago
Tobacco. You?
auth0.com/…/defending-against-password-cracking-u…
atzanteol@sh.itjust.works 2 months ago
In what way do you think this article supports anything about the claim that “ssh can be broken into fairly easily”. It’s at best an argument for not using passwords with SSH, and at least for using very good passwords.
rhys@lemmy.rhys.wtf 2 months ago
I don’t think that link says what you think it does.