On Sat, Apr 12, 2025 at 09:29:41AM -0400, Lee wrote: > On Sat, Apr 12, 2025 at 1:44 AM tomas wrote: > > > > On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > > > > > On 12/4/25 13:24, tomas wrote: > > > > So, share your wisdom with us: what makes ssh less secure than > > > > "a VPN"? > > > > > > > > > It's quite simple. If you have a VPN exposed to the internet and an ssh > > > service then you have two attack surfaces in parallel. Breach either one and > > > you breach the system > > > > What if you don't even need the VPN (as is often the case)? > > Is port 22 the only thing you've got open? What does > sudo ss -anltup > show? My host "out there" has quite a few more ports open, but they are supposed to be (http, https, smtp, imaps and a few others :-) > I've got a lot more than SSH/22 open, so if I was going to put this > machine on the internet I'd want most of those ports turned off. My laptop has one to two handful of these, depending on what I'm currently playing with. Cheers -- t
Attachment:
signature.asc
Description: PGP signature