undefined | Better HN

0 pointsIgorPartola3mo ago0 comments

For every remote exploit and cloud-wide outage that has happened over the past 20 years my sshd that is exposed to the internet on port 22 has had zero of either. There were a couple of major OpenSSH bugs but my auto updater took care of that before I saw it on the news.

You can trust BugCorp all you want but there are more sshd processes out there than tailnets and the scrutiny is on OpenSSH. We are not comparing sshd to say WordPress here. Maybe when you don’t over engineer a solution you don’t need to spend 100x the resources auditing it…

0 comments

lillecarl3mo ago

If you only expose SSH then you're fine, but if you're deploying a bunch of WebApps you might not want them accessible on the internet.

The few things I self host I keep out in the open. etcd, Kubernetes, Postgres, pgAdmin, Grafana and Keycloak but I can see why someone would want to hide inside a private network.

IgorPartolaOP3mo ago

Yeah any web app that is meant to be private is not something I allow to be accessible from the outside world. Easy enough to do this with ssh tunnels OR Wireguard, both of which I trust a lot more than anything that got VC funding. Plus that way any downtime is my own doing and in my control to fix.

j / k navigate · click thread line to collapse

0 comments

lillecarl3mo ago

If you only expose SSH then you're fine, but if you're deploying a bunch of WebApps you might not want them accessible on the internet.

The few things I self host I keep out in the open. etcd, Kubernetes, Postgres, pgAdmin, Grafana and Keycloak but I can see why someone would want to hide inside a private network.

IgorPartolaOP3mo ago

j / k navigate · click thread line to collapse