Timothy M Butterworth (HE12025-03-25):
> It is not that SSH is less secure, it is that crackers attempt to brute
> force SSH servers. If you really want to have SSH open to the internet you
> may want to hide it behind port knocking.

Let us not exaggerate please. An ssh server publicly available on its usual port is annoying with the logging noise, but unless you are very constrained in terms of CPU or bandwidth it is not a danger.

Also, all this hinges on the ability to run the port knocking or VPN on any legitimate client. That is a rather strong condition. If it does not hold: if your users might not be able to install port knocking software, not allowed to run VPN clients, or if an annoying firewall is in the middle, you have no choice but to allow public access.

Regards,

-- 
Nicolas George