i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?

  • chaplin2B
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    If you disable password authentication, and use public key authentication, yes.

  • AnApexBreadB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    disabling password login and use pubkey authentication will be safe enough?

    Just make sure you actually disable password login. Simply enabling key doesn’t disable password. So as long as the password is disabled then you’re fine.

  • billiarddaddyB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Move it to a four digit port on your router and port for to 22 internally.

  • uncmnsenseB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Rather than port forward 22, I would recommend using the ipv6 address and securing the host.

  • InfaSynB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    With PubKey and Fail2Ban its probably ok but wouldnt chance it personally. Can you use a different port too?

  • mshorey81B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Most likely it’s fine. Though it’s not terribly difficult to set up some flavor of VPN so you’re not exposing 22 at all outside your network. Personally I use Wireguard.

  • s3r3ngB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    First of all don’t expose a machine on your LAN unless it is very well locked down especially with respect to ability to access rest of LAN. To simply access home LAN set up home VPN that has the access instead of opening up a port as powerful as ssh. If you open ssh then put it at some other port than the well known 22 and make it accessible by authorized key only. I would further limit where this ssh can be accessed from using firewall rules.