forwarding port 22 safe? - eviltoast

i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

  • dev_all_the_ops@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Port forwarding will work, but it has major downsides

    1. Will draw attention of bots
    2. Secure as long as there are no security holes in openssh (which is rare but has happened)
    3. You _must_ harden the ssh server by disabling password auth, putting behind fail2ban

    There are far better and safer alternatives that I would recommend over exposing a raw port to the world.

    1. Tailscale
    2. Wireguard/OpenVPN
    • Innominate8@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago
      1. The bots are looking anyways.
      2. The other options being presented are various VPNs. OpenSSH has far more eyes on it, for much longer than any of the VPNs. Both generally run as root on the host and so have similar attack surfaces.
      3. Disabling password auth is less important than having good passwords, but is still a good idea since turning off passwords guarantees no bad passwords. Fail2ban provides no security.