|
|
|
|
|
|
by snowwrestler
4868 days ago
|
|
|
I meant a commercial VPN service. I agree that if you're just VPNing into the same box that is running ssh, it's no more secure than ssh by itself. With the commercial VPN service, you run your own server exactly the same way as before, but restrict ssh access to only your VPN endpoint IP. Now your attack surface is way way smaller. (And your ssh logs are nice and clean.) > Non-https traffic is going to be unencrypted over the open internet anyway, so I see no harm in it being unencrypted on the cafe network. It's just so much easier to sniff traffic on unsecured WiFi than anywhere else. Not every site you log into implements https, or implements it correctly, and there are a variety of nasty things that can be done with that. Think of running a Wordpress blog on your own server...how many people bother to force https for that? But if someone hijacks your Wordpress admin session, they've basically got your whole server. |
|
|