To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    SSH Secure Shell for remote terminal access
    SSL Secure Sockets Layer, for transparent encryption
    UDP User Datagram Protocol, for real-time communications
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    [Thread #128 for this sub, first seen 10th Sep 2023, 16:25] [FAQ] [Full list] [Contact] [Source code]

  • Faceman🇦🇺@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    I used to SSH into my server and proxy out from there. Then I learned how shit of a solution that is for daily use and set up a vpn like a normal person.

  • Auli@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    What kind of port knocking just going to ports in sequence? Or someone wrote one that looks for a key signed and is supposedly not replayable.

  • Chewy@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Instead of ssh I use wireguard directly. It’s a simple protocol based on public/private keys with great performance and security.

    Wireguard is stateless and establishes connections really quickly on demand. This means the battery isn’t impacted even though it’s always on, since the VPN doesn’t have to maintain a constant connection. At least that’s the case if your routing only a specific subnet (e.g. 192.168.1.0/24 and not all traffic through it 0.0.0.0/0).