Subj : Re: Nightmares / Dreams To : 2twisty From : Andre Date : Thu Mar 31 2022 18:33:40 2t> I *AM* one of those "more experienced 2t> people" when it comes to SSH and Telnet. I'm no haxx0r g0d or anything 2t> close, but I have enough professional experience to know this. I'm far from the best, but I am that guy... or used to be before I took worse and worse jobs to make more money. 2t> If you really want to be properly secure, you'd set up a VPN endpoint on 2t> your router and force users to connect to the VPN first and then This doesn't really gain anything for SSH. You can get the same MFA, logging, and blacklisting that you can with a VPN. What the VPN can get you tunneling your DNS and a central place for getting MFA, logging, and blacklisting for *all* your systems. But if you just have one server then it's just adding complexity. - Andre --- SBBSecho 3.15-Linux * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117) .