To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?

      • Morgikan@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        A VPN would give you access to a network, but not necessarily the devices on that network. It adds another layer of security as the user not only has to have SSH credentials/keys, but they also have to have the same for the VPN. SSH and VPNs would really be used in conjunction with each other.

        It’s onion security.

      • SheeEttin@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        If you only want to provide ssh access to one host, sure. If you want to provide other services, on multiple hosts, then you’re either making it a jump box or a proxy, while a VPN would provide direct access (or at least as defined in the firewall and routing rules).