Hacker News
by remram 712 days ago
I was going to say something like this, but in practice WireGuard is very, very tiny. It doesn't have pluggable authentication, or passwords, or user transitions, or forked subprocesses, or systemd integrations. Using it or another simple secure transport in front of SSH is probably a good idea.

I don't disagree with you. However, my point was that the parent poster's reasoning was flawed.

Stacking these services on top of each other in this way does not necessarily mean that an attacker has to compromise both services in order to compromise a host. The parent poster's flawed reasoning appeared to lead to a false sense of security as a result.

Yes, for sure. An RCE in the first is sufficient, or an auth bypass in the first and some other vulnerability in the second.