On 15/02/2023 14:12, Stefanie Leisestreichler wrote:

On 15.02.23 13:54, Jan Just Keijser wrote:
Sure, I use them, I even manage a few that offer such access to students and employees. Do I trust that host? No, it is monitored very intensively and it's purely a "jumphost" with chroot sandboxes for the people logging in.

Which leads to the question: Do you apply the same caution to an exposed openvpn service, or is this more specific to those sshd?

This is actually starting to sound like we're doing your homework ....

Like Marc Schaefer wrote, for OpenVPN it is a bit different, as you can run it over UDP which makes it a little easier to hide.

Having port 22 open on the internet is asking for bots & script kiddies to try and break in, but usually fail2ban takes care of it quite nicely. However, sometimes it is necessary to open up this port as I've seen sites which allow outbound access on tcp port 22 only, not on a random port like 22222 - plus, when offering public access for students you have to document and list it on a public webpage, so having a public wiki/web page stating "we run ssh on tcp port 2222 to confuse script kiddies" is not a very good way to hide your ssh service.

JJK