![](https://midwest.social/pictrs/image/dc3b5d85-66ee-4497-b0eb-0e3a23326a31.webp)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
I don’t get why people leave interfaces the public doesn’t need access to open to the public – especially SSH.
Use a VPN if you need access to those interfaces from the “outside”. They’re stupidly easy to set up these days, particularly with Wireguard.
Defense in depth – maybe I’m paranoid, but just because something is unlikely doesn’t mean an extra layer of security isn’t advantageous. Particularly when I already have a VPN, so there’s little reason not to use it.
Plus, my logs are easily checked as a side effect.