I want to remotely ssh to my home server, and I was wondering: if I just forward port 22, disable password login, and use pubkey authentication, will that be safe enough?

  • astronautcytoma@alien.topB
    1 year ago

    I have a port 22 ssh process that denies everything, and a separate ssh process on a different port that accepts logins as normal. So someone could obviously find the hidden one, but it won’t be the apparently-functional one that they can hit day and night and never get any results from.

    • Swanners@alien.topB
      1 year ago

      Fair enough. If you can run firewall rules then great. But opening up something like ssh to the internet is a risky risk. Cert auth is not a bad way to go in that scenario.

      • astronautcytoma@alien.topB
        1 year ago

        I agree entirely. The box I have this on is my piddle-around server. A long time ago I used to administer a medium-sized cluster of Linux boxes and they were all cert auth, and I wouldn’t have had it any other way. Mostly, I think it’s fun to see what usernames and passwords the scripts and bots and hackers try on my neutered SSH.
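
An added example, not part of any post in this thread: a small auditor for the setup the question describes (password login off, pubkey on), checking that no password-style login path is left open by a duplicate keyword, a default, or a `Match` block. `parse` and `audit` are hypothetical helper names, the sample config is constructed, and `Include` files are flagged rather than followed.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # deprecated name

def parse(config_text):
    """Global settings and per-Match overrides; sshd keeps the FIRST value read."""
    global_cfg, matches, target = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # settings below apply only when this condition matches
            target = {}
            matches.append((value, target))
        else:  # first value wins, later duplicates are ignored
            (global_cfg if target is None else target).setdefault(key, value)
    return global_cfg, matches

def audit(config_text):
    """List settings that leave a non-key login path open."""
    global_cfg, matches = parse(config_text)
    eff = {**DEFAULTS, **global_cfg}
    findings = []
    if eff["pubkeyauthentication"].lower() != "yes":
        findings.append("global: pubkeyauthentication is not enabled")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[key].lower() != "no":
            findings.append(f"global: {key} is not 'no'")
        for cond, cfg in matches:
            if cfg.get(key, "no").lower() != "no":
                findings.append(f"Match {cond}: {key} re-enabled")
    if "include" in global_cfg:
        findings.append("global: Include present, audit those files too")
    return findings

# Constructed sample config (not from the thread)
SAMPLE = (
    "PasswordAuthentication no\nPasswordAuthentication yes\n"
    "ChallengeResponseAuthentication no\n"
    "Match Address 192.168.0.0/16\n    PasswordAuthentication yes\n")
print(audit(SAMPLE))
```

The same function can be fed the output of `sshd -T`, which prints the configuration the daemon actually resolved.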