if they have minimal capacity for installing/configuring/using software, then sending a USB drive via the postal service should be a strong contender

I don’t understand, why what my lemmy?

looks like this and runs NetBSD

Services:

• OpenSSH

npftables blocks all incoming except a particular set of ips. any connections from those ips hit pubkey authentication.

I’ve never had a problem

you’re right and sane firewall rules could prevent this type of attack

If you’re just accessing one device, why not use SSH?

SSH with pubkey authentication and sane firewall rules is very secure. Bonus points for fail2ban

i use namecheap’s dynamic dns with a curl cronjob

haven’t had a problem since setup 7 years ago

you can find me on Port 70

bsd fam

NetBSD

You’re advocating for running private services on the default ports?

I have a server exposed to the wan. some ideas:

• disable password auth for pubkey when you can
• don’t use default ports
• open as few ports as possible
• be conservative with your firewall allows: this is your server and not a public service

have fun!

I started learning networking with OpenBSD’s tutorial on building a router.

Building a router forces one to learn networking.

https://www.openbsd.org/faq/pf/example1.html

yes, try freenas/truenas

just fork it

for C and Python: libera.chat

i mean no disrespect to anyone who uses it, i did for a long time as a daily driver. nowadays i need zoom and webex for work and the browser versions are pigs, so i reserve the bsds for server stuff.

my home server runs NetBSD, for example

RMS! RMS! RMS!

GNU ! GNU! GNU!

let’s do it Congress!

I was inspiried by my experience with OpenBSD. It’s a recreation of the OpenBSD xenodm desktop but with Linux because it’s a laptop, not a server. This is an aarch64 Pinebook Pro running the OEM manjaro that’s been reconfigured to be snappy on the PBP hardware.