← Back to context

Comment by imran-iq

3 years ago

Just my 2cents that I wrote about here[0]. It boils down to:

1. Ease of use for non technical folks (my dad in the post)

2. The dangers of having an exposed ssh port (even on non standard ports)

I just don't have the time or compute to constantly tweak my security settings for a publicly exposed port, so the easiest way to solve the problem is to not have the port publicly exposed

---

0: https://blog.imraniqbal.org/tailscale/

2 comments

imran-iq

Reply
yjftsjthsd-h  3 years ago

It feels like you may be solved a problem that didn't need solving? If you fully disabled password authentication, there's nothing to tweak; you can just ignore the log spam and not block the IP addresses and ignore it and it'll be fine.

  • imran-iq  3 years ago

    > If you fully disabled password authentication

    It is not fully disabled, my dads account has a password for sftp.

    Its covered more in part 1 (linked at the start of the blog post) but the repeated attempts at ssh'ing into my server actually killed sshd (which is how I found out about it).

    The other problem is that this "server" is hosted on a residential connection in my computer room. This is just something I don't want to deal with and using a VPN fixes that since I do not need to deal with it, and its easy enough for my dad to use