Only asking for logspam. You're configuring your service so badly that it can be breached this easily? Having a root user with the password toor and allowing password auth?
regreSSHion was difficult to exploit and was mitigated by preventing continuous connection attempts using something like fail2ban or crowdsec in a home environment. Properly set up with key-based auth and root password logins disabled, there is little risk from a publicly accessible SSH server. I've operated one serving hundreds of users in a corporate environment for years and the only compromise was social engineering to obtain user credentials.
If you use rsa, make sure the key length is at least 3072 bits or better yet, 4096. Or if all your devices support it, just use ed25519 keys.
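A small audit that checks the two points made above (no password or root logins in sshd_config, and RSA keys of at least 3072 bits, with ed25519 accepted as is). This is an added example, not code from anyone in the thread; the sshd_config excerpts and the key blobs are constructed for the demo, and the key checker reads the RFC 4251 wire format directly so it needs no extra libraries.

```python
import base64
import struct

MIN_RSA_BITS = 3072
# Constructed sshd_config excerpts for the demo (not taken from a real host).
WEAK_SSHD_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_SSHD_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
def audit_sshd_config(text):
    """Flag settings that still allow password or root logins (OpenSSH defaults assumed)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip().lower()
    findings = []
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if settings.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password", "without-password"):
        findings.append("PermitRootLogin allows password login")
    return findings
def _ssh_string(data):  # RFC 4251 string: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data
def _read_string(blob, off):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n
def audit_authorized_key(line):
    """Classify one authorized_keys line as ('ok', detail) or ('weak', detail)."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    _, off = _read_string(blob, 0)          # key type string repeated inside the blob
    if keytype == "ssh-ed25519":
        return ("ok", "ed25519")
    if keytype == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (mpint)
        n, _ = _read_string(blob, off)      # modulus (mpint, may carry a leading 0x00)
        bits = int.from_bytes(n, "big").bit_length()
        return ("ok", f"rsa-{bits}") if bits >= MIN_RSA_BITS else ("weak", f"rsa-{bits} below {MIN_RSA_BITS}")
    return ("weak", f"unreviewed key type {keytype}")
def constructed_rsa_pubkey(bits):
    """Synthetic ssh-rsa line with a placeholder modulus of the given size (demo only, not a real key)."""
    n_bytes = ((1 << (bits - 1)) | 1).to_bytes((bits + 7) // 8, "big")
    if n_bytes[0] & 0x80:
        n_bytes = b"\x00" + n_bytes          # mpint rule: leading zero keeps the value positive
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@example"
def constructed_ed25519_pubkey():
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))  # 32-byte placeholder key (demo only)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@example"
```

Run `audit_sshd_config` over the real `/etc/ssh/sshd_config` and `audit_authorized_key` over each line of `~/.ssh/authorized_keys` to get the same findings for a live host.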
Yep… I thought I linked it, but I clearly didn't
I install it directly on all my machines. Docker containers running on the machine are accessible via Tailscale.
Check out their support article here for more in-depth instructions for your particular Linux flavor.
Adding another layer of software, including a full webserver, just increases the attack surface for a homeserver.
Look man, typing a long root password gets annoying lmao
Oh yes, I’m not disagreeing that it’s difficult to exploit, but it was a regression put in which bypassed authentication. Systems open to the direct Internet if this happens again may be exploited easily. (Edited for spelling)
Wouldn't Headscale have the same attack surface as Wireguard?
What
You should not be using a password to log in with SSH, but I see people told you that
Should be in a password manager that you can copy and paste from.
Also, this particular response was based on the fact knalkip appeared to be stating that even fail2ban was unnecessary
I'll disable it. I use RSA keys to log in.
I assumed he was being sarcastic