this post was submitted on 04 Jul 2023

Self Hosted - Self-hosting your services.

Consider a WireGuard network of many clients which all interact with each other through a central hub server on a cloud VPS. One of the clients is a desktop used for SSHing into the other various clients (again, through the central hub). If the "terminal" client connects to another client through the WireGuard hub using SSH public/private key authentication, what if any information within that SSH tunnel gets exposed or leaked to the "hub" server?

My threat model is if the VPS were ever to get compromised. I previously SSH'd into the hub VPS server and from there I would SSH into any of the other clients with a password. Horrible security, I know.

My new setup is as mentioned above. Only the single desktop client has key authentication to SSH into the various clients. But I want to be sure none of that data gets exposed to the VPS hub just in case.

Viktorian, 1 point, 1 year ago (last edited 1 year ago)

Your new setup is specifically the kind of thing SSH was built for. So yes, it is secure in your scenario if your description matches your actual network setup.

The biggest threat to SSH is a MITM if you don't verify your peer's identity properly, so you might accidentally connect directly to the hub through SSH, and the hub then either impersonates your intended target or (if able to) connects to it and bridges the connection while eavesdropping. For this reason you should verify fingerprints or deploy certificates if you're paranoid.
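Inside the tunnel the hub only forwards SSH ciphertext, so the position it holds is exactly the one the comment above describes: a chance to present its own host key to the desktop client. Pinning the expected host key per WireGuard tunnel address is what turns that attempt into a hard failure instead of a "new host" prompt. The script below is an added example, not code from this thread: it computes OpenSSH-style fingerprints (SHA256 over the raw public key blob, base64 without padding) and audits a known_hosts file against pins recorded out of band. The 10.0.0.x tunnel addresses, the key bytes and the known_hosts contents are all constructed for the demonstration; OpenSSH itself performs this check for you when `StrictHostKeyChecking yes` is set and the pinned entries are present.

```python
"""Audit known_hosts against host-key pins for WireGuard tunnel peers.

Added example, not from the original thread. Implements the OpenSSH
fingerprint format ("SHA256:" + unpadded base64 of sha256(key blob)) and
flags any pinned host whose recorded key differs, which is what a key
substituted by a compromised hub would look like. All keys, addresses and
hostnames below are constructed sample data.
"""
import base64
import hashlib
import struct
from typing import Dict, List, Tuple


def ssh_key_blob(key_type: str, raw_key: bytes) -> bytes:
    """Build an OpenSSH wire-format public key blob: string(type) || string(key)."""
    return (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(raw_key)) + raw_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> List[Tuple[str, str, bytes]]:
    """Return (host, key_type, blob) for plain entries.

    Comments and marker lines (@cert-authority, @revoked) are skipped here;
    ssh evaluates those itself, this check only covers directly pinned hosts.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        host, key_type, b64 = line.split()[:3]
        entries.append((host, key_type, base64.b64decode(b64)))
    return entries


def check_pins(known_hosts: str, pins: Dict[str, str]) -> Dict[str, str]:
    """Map each pinned host to "ok", "MISMATCH" or "missing"."""
    result = {host: "missing" for host in pins}
    for host, _key_type, blob in parse_known_hosts(known_hosts):
        if host in pins:
            result[host] = "ok" if fingerprint(blob) == pins[host] else "MISMATCH"
    return result


# --- constructed sample data (not real keys) ------------------------------
GENUINE_KEY = ssh_key_blob("ssh-ed25519", bytes(range(32)))       # the peer's real host key
ATTACKER_KEY = ssh_key_blob("ssh-ed25519", bytes(range(32, 64)))  # key a rogue hub might present
CA_KEY = ssh_key_blob("ssh-ed25519", bytes(range(64, 96)))        # host CA, for the @cert-authority line

# Pins recorded out of band, e.g. from `ssh-keygen -lf` run on each peer's own console.
PINS = {
    "10.0.0.2": fingerprint(GENUINE_KEY),
    "10.0.0.3": fingerprint(GENUINE_KEY),
}

# known_hosts as it might look after the entry for 10.0.0.3 was replaced.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "@cert-authority *.wg.example ssh-ed25519 " + base64.b64encode(CA_KEY).decode(),
    "10.0.0.2 ssh-ed25519 " + base64.b64encode(GENUINE_KEY).decode(),
    "10.0.0.3 ssh-ed25519 " + base64.b64encode(ATTACKER_KEY).decode(),
])


if __name__ == "__main__":
    for host, status in check_pins(SAMPLE_KNOWN_HOSTS, PINS).items():
        print(f"{host}: {status}")
```

Running it reports `10.0.0.2: ok` and `10.0.0.3: MISMATCH`; the mismatch is the signal to stop and compare fingerprints on the peer's own console rather than accept the key. The `@cert-authority` line shows the certificate route the comment mentions: with a host CA trusted that way, peers present CA-signed host certificates and no per-host pin is needed.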