zlacker

1. bigstr+(OP) 2026-02-05 06:49:35
SSH is not at all risky if you disable password authentication. There's essentially zero chance that someone guesses your private key, though you might get annoyed with all the login failures spamming your logs. Fail2ban helps with that if you care, though I don't personally bother these days.
replies(1): >>null_d+tF
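The advice above comes down to making sure sshd has no password-based path left open. The script below is an added example, not code from the thread or from OpenSSH: it reads an sshd_config and reports the effective values of the relevant keywords. The one caveat it encodes is that sshd takes the first occurrence of a keyword as the effective value, so a "PasswordAuthentication no" appended below a distro default of "yes" changes nothing. The two sample configs are constructed for the demo, and the parser assumes the "Keyword value" form (it does not handle "Keyword=value" and skips Match blocks, which it only warns about).

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the
# password-based login paths the comment above says to turn off.
# Assumes stock OpenSSH "Keyword value" syntax; "Keyword=value" is not parsed.
set -u

# Print the effective value of a keyword in the global section of $1.
# sshd uses the FIRST occurrence of a keyword, so a later line never overrides
# an earlier one. $3 is the compiled-in default used when the keyword is
# absent; $4 is an optional alias keyword (ChallengeResponseAuthentication is
# the old name for KbdInteractiveAuthentication).
sshd_effective() {
    cfg=$1
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    alt=$(printf '%s' "${4:-$2}" | tr 'A-Z' 'a-z')
    val=$(awk -v key="$key" -v alt="$alt" '
        /^[[:space:]]*(#|$)/ { next }                  # comments and blank lines
        tolower($1) == "match" { exit }                # stop at the first Match block
        tolower($1) == key || tolower($1) == alt { print tolower($2); exit }
    ' "$cfg")
    printf '%s\n' "${val:-$3}"
}

# Print one finding per line; return 1 if any password-based path is open.
sshd_audit() {
    cfg=$1
    rc=0
    if [ "$(sshd_effective "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is effectively yes"; rc=1
    fi
    if [ "$(sshd_effective "$cfg" KbdInteractiveAuthentication yes \
            ChallengeResponseAuthentication)" != no ]; then
        echo "FAIL: keyboard-interactive auth enabled (PAM can still prompt for a password)"; rc=1
    fi
    case "$(sshd_effective "$cfg" PermitRootLogin prohibit-password)" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL: PermitRootLogin yes (use prohibit-password or no)"; rc=1 ;;
    esac
    if [ "$(sshd_effective "$cfg" PubkeyAuthentication yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication disabled; nothing is left but passwords"; rc=1
    fi
    if grep -qi '^[[:space:]]*Match' "$cfg"; then
        echo "WARN: Match block(s) present; per-user overrides are not checked here"
    fi
    return $rc
}

# Constructed sample configs for the demo (not taken from any real host).
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# distro defaults left in place, a "hardening" line appended at the bottom
PasswordAuthentication yes
PermitRootLogin yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
EOF
cat >"$HARD_CFG" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
Match User deploy
    PasswordAuthentication yes
EOF

echo "== weak =="; sshd_audit "$WEAK_CFG" || echo "result: password login still reachable"
echo "== hardened =="; sshd_audit "$HARD_CFG" && echo "result: global section is key-only"
```

On a live host the authoritative check is `sshd -T`, which prints the configuration sshd actually resolved (including the first-occurrence rule and any Match context you pass it), so `sshd -T | grep -i passwordauthentication` is the line to trust over reading the file by eye.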
2. null_d+tF 2026-02-05 12:52:32
>>bigstr+(OP)
So that's generally my train of thought, but from what I know, there were serious vulnerabilities discovered in OpenSSH throughout the years. Doesn't that increase the risk of an open SSH port, or did the vulnerabilities discovered never touch those areas of SSH authentication? It seems to me that tools like Tailscale and so on aren't open to this sort of risk, but I definitely could be wrong.
replies(1): >>lxgr+7U
3. lxgr+7U 2026-02-05 14:29:51
>>null_d+tF
The only one I can think of is the one on Debian where key generation used weak entropy, making keys guessable.

Given its sensitivity, OpenSSH is incredibly battle-hardened and probably better than almost everything else you can run on an exposed port.
