Comment on Connection to VPS only via VPN or SSH
chiisana@lemmy.chiisana.net 9 months agoAlso before diving too deep into firewalls, which is a good idea none the less, just go to SSHd config and set ListenAddress to only listen on the VPN network address instead of public IP, and no one can connect via the public IP.
Keep it simple, and add complexity only as needed.
Onion6068@feddit.de 9 months ago
I personally prefer using public key encryption over passwords for ssh authentication. There’s no need to rely on third-party VPN providers (like ZeroTier or Tailscale) or hosting your own “vpn server” for that purpose as ssh trafic is already encrypted.
The drawback of following the route you suggested is that you have to operate yet another service that could be misconfigured, potentially causing you to lose access to your server. If you’re keen on further restricting access, consider whitelisting your static(!) IP address, the IP address ranges associated with your provider or the ranges assigned to your country for an additional layer of security.
chiisana@lemmy.chiisana.net 9 months ago
I agree. I have all my servers “in the open”, and only use VPN when I need to route my egress through a different geographical location. The reason I’m saying to use
ListenAddressinstead is because OP is already got the VPN setup, and seems like not going to change from it. No point introducing yet another piece of complexity such as firewall to the mix when their objective can be achieved with what they’re already using.