Comment by KwanEsq
1 day ago
Couldn't you just make my-private-server.vanity-domain.example a manual /etc/hosts entry to prevent advertising it?
1 day ago
Couldn't you just make my-private-server.vanity-domain.example a manual /etc/hosts entry to prevent advertising it?
You could. You'd only have the ability to log in from your own machine though. If that compromise works is very much dependent on your situation.
Yes, that's the idea of a private server. All the clients allowed to connect to it are mine, or at least authorized by me on a very small scale. Think of a backup server or a jump host.
Come to think of it, I could have a private DNS too. I haven't bothered with that.
At that point don't open port 22 to the internet, just set up wireguard or tailscale.
Just as easy, you could just set the Host in your ssh config. Then you don’t have to deal with dns