Hi, On Sat, Apr 12, 2025 at 09:39:53AM +0200, Marc SCHAEFER wrote: > sometimes, yes, I think [VPNs] are overblown compared to a "simple" > ssh server.
I think that a decent modern VPN solution is much simpler than OpenSSH and especially when your alternative is recompiling OpenSSH to remove dependencies that you think you don't need. > Wireguard, for example, is mostly kernel-side BTW. > > I do not assume those kernel codes are unsafe, I am pretty sure they > have audited them. It just makes the attack surface much bigger. I am pretty confident that the amount of code that can be reached by strange packets from the Internet side is going to be a lot smaller with WireGuard. It's going to be quite difficult to prove either way though, so let's just agree to disagree. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
