To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?
To mitigate the effort to maintain my personal server, I am considering to only expose ssh port to the outside and use its socks proxy to reach other services. is Portknocking enough to reduce surface of attack to the minimum?
Sure? It certainly detracts bots that now don’t discover the SSH port anymore. Against a targeted attack it’s less useful, but that is a very hard problem in any case. If someone is out to get you specifically, it will be a tough battle.