i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?
- The bots are looking anyways.
- The other options being presented are various VPNs. OpenSSH has far more eyes on it, for much longer than any of the VPNs. Both generally run as root on the host and so have similar attack surfaces.
- Disabling password auth is less important than having good passwords, but is still a good idea since turning off passwords guarantees no bad passwords. Fail2ban provides no security.