On 5/5/2022 4:34 PM, Tom Browder wrote:
On Wed, May 4, 2022 at 11:07 john doe <johndoe65534@mail.com> wrote:On Tue, May 3, 2022 at 15:18 john doe <johndoe65534@mail.com> wrote:On 5/3/2022 9:42 PM, Tom Browder wrote:- Use VPN to access your servers remotely.I find it easier to use a VPN (responsible for public remote connection) to connect to my own network then use SSH (responsible for private remote connection) to connect to my intranet devices This also give you two layers of authentication and you have separate services.But, given a properly passwordless ssh connection, is there anything extraordinarily dangerous versus a VPN, or is it the redundancy you favor? (I am the only superuser, and usually the only user of my network.)
Yes, redundancy avoid having one point of failure in case of compromized
keys for example.
Having outbound connection through the VPN allows me to separate the
services, so if I need to work on the VPN I do not need to touch the SSH
server and vice versa
It also give me better firewalling capability between the VPN subnet and
the rest of my network.
For context, I'm also the only administrator ('root' user ...) on my
network.
See (1) and (2) for more in-depth thoughts.
At the time I set up this, I googled this subject and came to the
conclusion that SSH through VPN was a better fit (flexibility, two
layers of security, VPN advantages when connecting on public wifi) for me.
1)
https://networkengineering.stackexchange.com/questions/23959/why-use-ssh-and-vpn-in-combination
2) https://homenetworkguy.com/tech/ssh-vs-vpn/
--
John Doe