On Tue, Mar 25, 2025 at 1:34 PM Jan Claeys <li...@janc.be> wrote:
> On Tue, 2025-03-25 at 17:12 +0100, Nicolas George wrote:
> > Jan Claeys (HE12025-03-25):
> > > > I should mention that having an internet facing ssh service is
> > > > usually a very bad idea. The 'better' approach is to have only a
> > > > VPN exposed and use heavy security on that. Once the VPN link is
> > > > established you can ssh through the VPN to internal systems.
> >
> > Why do you think SSH is less secure than any other VPN ?
> >
> > Why do you think Jan says ssh is less secure than a VPN when Jan is
> > saying that ssh is less secure than VPN+ssh?
>
> Jeremy insinuated that, not me, by saying that having SSH listening
> publicly is a bad idea, and that “a VPN” listening publicly is somehow
> safer.
>

It is not that SSH is less secure, it is that crackers attempt to brute force SSH servers. If you really want to have SSH open to the internet you may want to hide it behind port knocking.

>
> As OpenSSH can be used as a VPN (if you want), a statement like that
> makes very little sense, unless SSH would be somehow less secure than
> all the other VPN solutions.
>
>
> --
> Jan Claeys
>
> (please don't CC me when replying to the list)
>
>

-- 
 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
 ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
 ⠈⠳⣄⠀⠀