Gentoo Linux

488 readers

1 users here now

The Gentoo Linux community for discussions, tips and tricks, and general kernel compiling

founded 1 year ago

MODERATORS

[email protected]

Should I run non-hardened Gentoo on an SSH file server behind some sort of VPN? (lemmy.ca)

submitted 3 months ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

So, I have a desktop that has a single-core/2-threads Pentium 4 CPU @ 2.4 GHz and a much newer desktop with an i7 CPU. The older desktop was one that I found on the streets in my neighborhood and that I later fixed and started to play around with it and decided to install Gentoo on it (just because). It's CPU is also so old that it thankfully doesn't have Intel MME. I have also put my older desktop in such a place where I could keep it on for 24/7 (without the risk of it overheating or bothering anyone even when emerging packages).

So, as I was installing Gentoo on it, I figured that I could also use it as an SSH file server and put it behind a VPN (which I could install on my newer i7 desktop (which I could install Debian onto)).

Now, since I wasn't intending to use my Pentium desktop as a file server, I didn't select the hardened profile (and switching profiles would probably take a very long time). So, I was wondering, would this be much of a security concern in my case?

top 2 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 3 months ago

For what its worth hardened wouldn't have saved you from the recent openssh RCE. It may or may not save you from the next one.
Staying on top of GLSAs and making sure that you don't misconfigure your system is probably more important.

[–] [email protected] 1 points 3 months ago

I doubt it's an elevated risk, if you install updates and patches regularly. Make sure the VPN allows port forwarding only to whichever specific port you're running SSH on (ideally you want a random, non-default port that's not associated with a specific service).