To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

  • SheeEttin@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    If you only want to provide ssh access to one host, sure. If you want to provide other services, on multiple hosts, then you’re either making it a jump box or a proxy, while a VPN would provide direct access (or at least as defined in the firewall and routing rules).