Hacker News new | ask | show | jobs
by imran-iq 1018 days ago
Just my 2cents that I wrote about here[0]. It boils down to:

1. Ease of use for non technical folks (my dad in the post)

2. The dangers of having an exposed ssh port (even on non standard ports)

I just don't have the time or compute to constantly tweak my security settings for a publicly exposed port, so the easiest way to solve the problem is to not have the port publicly exposed

---

0: https://blog.imraniqbal.org/tailscale/
1 comments
yjftsjthsd-h 1018 days ago
It feels like you may be solved a problem that didn't need solving? If you fully disabled password authentication, there's nothing to tweak; you can just ignore the log spam and not block the IP addresses and ignore it and it'll be fine.
link
imran-iq 1018 days ago
> If you fully disabled password authentication

It is not fully disabled, my dads account has a password for sftp.

Its covered more in part 1 (linked at the start of the blog post) but the repeated attempts at ssh'ing into my server actually killed sshd (which is how I found out about it).

The other problem is that this "server" is hosted on a residential connection in my computer room. This is just something I don't want to deal with and using a VPN fixes that since I do not need to deal with it, and its easy enough for my dad to use

link