i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

    • mshorey81@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Of course. But it’s just another layer to the onion. Pfblockerng, Crowdsec, Fail2Ban, wireguard…layers.

      • mcr1974@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        but wouldn’t you have to pay a performance penalty running ssh on top of wireguard.

    • davis-andrew@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      The benefit of wireguard^ is it runs over udp and won’t respond unless a peer with the right key hits it. ie a port scan won’t reveal anything because there’s no tcp port open to handshake, and wireguard won’t respond to junk data coming in.

      ^ Most VPNs run over udp. But i’m not sure say OpenVPN will respond to random crap, it probably won’t but i don’t want to state categorically that it won’t.