On 5/5/2022 4:34 PM, Tom Browder wrote:
On Wed, May 4, 2022 at 11:07 john doe <johndoe65534@mail.com> wrote:
On Tue, May 3, 2022 at 15:18 john doe <johndoe65534@mail.com> wrote:
On 5/3/2022 9:42 PM, Tom Browder wrote:

- Use VPN to access your servers remotely.

I find it easier to use a VPN (responsible for public remote connection) to connect to my own network, then use SSH (responsible for private remote connection) to connect to my intranet devices. This also gives you two layers of authentication and you have separate services.

But, given a properly passwordless ssh connection, is there anything extraordinarily dangerous versus a VPN, or is it the redundancy you favor? (I am the only superuser, and usually the only user of my network.)

Yes, redundancy avoids having one point of failure in case of compromised keys, for example. Having outbound connection through the VPN allows me to separate the services, so if I need to work on the VPN I do not need to touch the SSH server and vice versa. It also gives me better firewalling capability between the VPN subnet and the rest of my network.

For context, I'm also the only administrator ('root' user ...) on my network.

See (1) and (2) for more in-depth thoughts. At the time I set this up, I googled this subject and came to the conclusion that SSH through VPN was a better fit (flexibility, two layers of security, VPN advantages when connecting on public wifi) for me.

1) https://networkengineering.stackexchange.com/questions/23959/why-use-ssh-and-vpn-in-combination
2) https://homenetworkguy.com/tech/ssh-vs-vpn/

--
John Doe
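
The layered setup discussed in this thread can be checked on the SSH server itself. The following is an added example, not part of the original messages: a small audit of `sshd_config` text that verifies sshd is bound only inside the VPN subnet and that password logins are off. The subnet `10.8.0.0/24` and both sample configurations are constructed assumptions.

```python
import ipaddress

def parse_global(text):
    """Global sshd_config section: sshd keeps the first value of a keyword."""
    first, listen = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":              # Match blocks are not evaluated here
            break
        if key == "listenaddress":      # may be repeated, all values apply
            listen.append(value)
        else:
            first.setdefault(key, value)
    return first, listen

def listen_host(value):
    """Host part of 'host', 'host:port' or '[ipv6]:port'."""
    value = value.split()[0]            # drop an optional 'rdomain ...'
    if value.startswith("["):
        return value[1:].split("]")[0]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text, vpn_subnet):
    """Return findings for the two properties discussed in the thread."""
    net = ipaddress.ip_network(vpn_subnet)
    first, listen = parse_global(text)
    findings = []
    if not listen:
        findings.append("no ListenAddress: sshd listens on every address")
    for value in listen:
        try:
            inside = ipaddress.ip_address(listen_host(value)) in net
        except ValueError:              # hostname: cannot be checked offline
            inside = False
        if not inside:
            findings.append(f"ListenAddress {value} is outside {vpn_subnet}")
    if first.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if first.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    return findings

# Constructed samples; 10.8.0.0/24 is an assumed VPN subnet.
EXPOSED = "Port 22\nPasswordAuthentication yes\n"
LAYERED = "ListenAddress 10.8.0.1:22\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("layered", LAYERED)):
        print(name, audit(cfg, "10.8.0.0/24"))
```

An empty result means both properties hold for the global section only; a firewall rule between the VPN subnet and the rest of the network still has to be verified separately.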