I've seen this discussed a fair bit, and always the recommendation is to use WireGuard and expose SSH only to the "local network", e.g. https://bugs.gentoo.org/928134#c38
First, I don't see how this works where there's a single server (e.g. colocation).
Second, doesn't that just make WireGuard the new hack target? How does this actually mitigate the risk?