Comment on Connection to VPS only via VPN or SSH
Onion6068@feddit.de 1 year agoI personally prefer using public key encryption over passwords for ssh authentication. There’s no need to rely on third-party VPN providers (like ZeroTier or Tailscale) or hosting your own “vpn server” for that purpose as ssh trafic is already encrypted.
The drawback of following the route you suggested is that you have to operate yet another service that could be misconfigured, potentially causing you to lose access to your server. If you’re keen on further restricting access, consider whitelisting your static(!) IP address, the IP address ranges associated with your provider or the ranges assigned to your country for an additional layer of security.
chiisana@lemmy.chiisana.net 1 year ago
I agree. I have all my servers “in the open”, and only use VPN when I need to route my egress through a different geographical location. The reason I’m saying to use
ListenAddressinstead is because OP is already got the VPN setup, and seems like not going to change from it. No point introducing yet another piece of complexity such as firewall to the mix when their objective can be achieved with what they’re already using.