linux4noobs

1340 readers

1 users here now

linux4noobs

Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.

Seeking Support?

Mention your Linux distro and relevant system details.
Describe what you've tried so far.
Share your solution even if you found it yourself.
Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
Properly format any scripts, code, logs, or error messages.
Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.

Community Rules

Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
Posts must be Linux oriented
Spam or affiliate links will not be tolerated.

founded 1 year ago

MODERATORS

PlutoParty

SSH through VPN (sh.itjust.works)

submitted 5 months ago by [email protected] to c/linux4noobs

19 comments fedilink hide all child comments

Hello I am wondering if there is increased network/packet security by connecting to a server over ssh through a VPN hosted by that same server as opposed to without first tunneling by VPN. I imagine with or without tunneling through a VPN there would be latency/speed differences too?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 5 months ago (1 children)

But wouldn't the port being open alert anyone who looks for that? Network security is not my specialty but I believe I have read that people can ping/scan ip addresses easily and quickly to determine if any ports are open / forwarded, so if Wireguard was used or any VPN software, they could pick up on that as an attack vector?

[–] towerful 3 points 5 months ago (1 children)

Wireguard uses UDP.
Wireguard also strives to be "silent" for bad traffic/connection attempts. I've tried a cursory look to find more information on it, but nothing that explains it simply.

Either way it doesn't turn up on port scans.

[–] [email protected] 2 points 5 months ago (1 children)

But the router must forward the port to allow the VPN to be utilized , meaning that port being forwarded can be scanned/detected i thought?

[–] damium 3 points 5 months ago

It depends on how the router responds to other non-forwarded ports. For UDP an open port with no response is the same as a dropped packet. A scanner will only know if the device sends an ICMP response back to indicate that it is closed.