To mitigate the effort to maintain my personal server, I am considering only exposing the SSH port to the outside and using its SOCKS proxy to reach other services. Is port knocking enough to reduce the attack surface to the minimum?

    • Morgikan@lemm.ee
      1 year ago

      A VPN would give you access to a network, but not necessarily the devices on that network. It adds another layer of security as the user not only has to have SSH credentials/keys, but they also have to have the same for the VPN. SSH and VPNs would really be used in conjunction with each other.

      It’s onion security.

    • SheeEttin@lemmy.world
      1 year ago

      If you only want to provide ssh access to one host, sure. If you want to provide other services, on multiple hosts, then you’re either making it a jump box or a proxy, while a VPN would provide direct access (or at least as defined in the firewall and routing rules).