i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

  • speculatrix@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    I’ve opened port 22 to specific IPv4 addresses, like my employer’s, friends and family.

    For any other IPv4 origin, its best to set up a VPN. It’s trivial to set up wireguard.

    You’re probably safe to open port 22 for IPv6, as the address space is unfeasibly large to be scanned, but still, the secops in me doesn’t like security by obscurity, so I don’t. Also, there’s evidence that hackers use things like IPv6 access logs on NTP to find accessible devices to target.