bayindirh 2 hours ago

Try exposing a paswordless SSH server to outside to see what happens. It'll be tried immediately, non-stop.

Now, all the servers I run has no public SSH ports, anymore. This is also why I don't expose home-servers to internet. I don't want that chaos at my doorstep.

Reply View 5 replies
  • letmetweakit 2 hours ago

    Yeah, I have been thinking about hosting a small internet facing service on my home server, but I’m just not willing to take the risk. I’d do it on a separate internet connection, but not on my main one.

    Reply View 2 replies
    • bayindirh 2 hours ago

      You can always use a small Hetzner server (or a free Oracle Cloud one if you are in a pinch) and install tailscale to all of your servers to create a P2P yet invisible network between your hosts. You need to protect the internet facing one properly, and set ACLs at tailscale level if you're storing anything personal on that network, though.

      Reply View 1 reply
      • letmetweakit 2 hours ago

        I would probably just ssh into the Hetzner box and not connect it to my tailnet.

        Reply View 0 replies
  • gear54rus 2 hours ago

    this can be fixed by just using random ssh port

    all my services are always exposed for convenience but never on a standard port (except http)

    Reply View 1 reply
    • bayindirh 2 hours ago

      It reduces the noise, yes, but doesn't stop a determined attacker.

      After managing a fleet for a long time, I'd never do that. Tailscale or any other VPN is mandatory for me to be able to access "login" ports.

      Reply View 0 replies