I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
If you use Tailscale or Netbird, you can avoid exposing your VPS to the internet completely.
https://lemmy.ca/comment/22449085
I know about Tailscale. I don’t use it because I want my VPS to be exposed to the internet; some of my services are supposed to be public. And those that aren’t, have their own authentication systems that are adequately secure for their purposes. I just don’t need Tailscale so I’ve not bothered with the setup.