On Sat, Apr 12, 2025 at 10:48 AM <to...@tuxteam.de> wrote: > > On Sat, Apr 12, 2025 at 09:29:41AM -0400, Lee wrote: > > On Sat, Apr 12, 2025 at 1:44 AM tomas wrote: > > > > > > On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > > > > > > > On 12/4/25 13:24, tomas wrote: > > > > > So, share your wisdom with us: what makes ssh less secure than > > > > > "a VPN"? > > > > > > > > > > > > It's quite simple. If you have a VPN exposed to the internet and an ssh > > > > service then you have two attack surfaces in parallel. Breach either > > > > one and > > > > you breach the system > > > > > > What if you don't even need the VPN (as is often the case)? > > > > Is port 22 the only thing you've got open? What does > > sudo ss -anltup > > show? > > My host "out there" has quite a few more ports open, but they > are supposed to be (http, https, smtp, imaps and a few others :-) > > > I've got a lot more than SSH/22 open, so if I was going to put this > > machine on the internet I'd want most of those ports turned off. > > My laptop has one to two handful of these, depending on what I'm > currently playing with.
I taking a class at the local library; my laptop has avahi and cups ports open .. which I'm not thrilled about but I like the zero-conf printing ability. Regards Lee
