if they have minimal capacity for installing/configuring/using software, then sending a USB drive via the postal service should be a strong contender

I don’t understand, why what my lemmy?

looks like this and runs NetBSD

Services:

• OpenSSH

npftables blocks all incoming except a particular set of ips. any connections from those ips hit pubkey authentication.

I’ve never had a problem

you’re right and sane firewall rules could prevent this type of attack

If you’re just accessing one device, why not use SSH?

SSH with pubkey authentication and sane firewall rules is very secure. Bonus points for fail2ban

i use namecheap’s dynamic dns with a curl cronjob

haven’t had a problem since setup 7 years ago

you can find me on Port 70

bsd fam

NetBSD

You’re advocating for running private services on the default ports?

I have a server exposed to the wan. some ideas:

• disable password auth for pubkey when you can
• don’t use default ports
• open as few ports as possible
• be conservative with your firewall allows: this is your server and not a public service

have fun!

I started learning networking with OpenBSD’s tutorial on building a router.

Building a router forces one to learn networking.

https://www.openbsd.org/faq/pf/example1.html

yes, try freenas/truenas

I just bought a license just because

let’s do it Congress!

would be a neat story in 1920