Re: Limiting attack surface for Debian sshd

To: debian-user@lists.debian.org
Subject: Re: Limiting attack surface for Debian sshd
From: <tomas@tuxteam.de>
Date: Sat, 12 Apr 2025 07:44:11 +0200
Message-id: <Z/n9q2lqL5kCyUWn@tuxteam.de>
In-reply-to: <[🔎] cc4a6de8-b8a9-4536-858e-51e74edce581@gmail.com>
References: <Z/lbflFSAPGvvIeG@alphanet.ch> <Z/l0rHF84CapBU5R@mail.bitfolk.com> <Z/n5AUbsLCtq3mbB@tuxteam.de> <[🔎] cc4a6de8-b8a9-4536-858e-51e74edce581@gmail.com>

On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote:
> 
> On 12/4/25 13:24, tomas@tuxteam.de wrote:
> > So, share your wisdom with us: what makes ssh less secure than
> > "a VPN"?
> 
> 
> It's quite simple. If you have a VPN exposed to the internet and an ssh
> service then you have two attack surfaces in parallel. Breach either one and
> you breach the system

What if you don't even need the VPN (as is often the case)?

Remember: simplicity usually helps security, because the admin can
understand the system better.

Cheers
-- 
t

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Limiting attack surface for Debian sshd
  - From: Lee <ler762@gmail.com>

References:
- Limiting attack surface for Debian sshd
  - From: Marc SCHAEFER <schaefer@alphanet.ch>
- Re: Limiting attack surface for Debian sshd
  - From: Andy Smith <andy@strugglers.net>
- Re: Limiting attack surface for Debian sshd
  - From: <tomas@tuxteam.de>
- Re: Limiting attack surface for Debian sshd
  - From: jeremy ardley <jeremy.ardley@gmail.com>

Prev by Date: Re: Reverting back to the previous Chromium version
Next by Date: Re: Limiting attack surface for Debian sshd
Previous by thread: Re: Limiting attack surface for Debian sshd
Next by thread: Re: Limiting attack surface for Debian sshd
Index(es):
- Date
- Thread