On 25/3/25 23:22, Jan Claeys wrote:
On Mon, 2025-03-24 at 12:39 +0800, jeremy ardley wrote:
I should mention that having an internet facing ssh service is
usually a very bad idea. The 'better' approach is to have only a VPN
exposed and use heavy security on that. Once the VPN link is
established you can ssh through the VPN to internal systems.
Why do you think SSH is less secure than any other VPN ?
One reason to choose VPN over ssh is that many ISPs block incoming ports
including ssh, telnet, RDP, smtp, and smb ports.
The more extreme ones block outgoing connections on most of those those
ports as well.
