logoalt Hacker News

eqvinoxtoday at 9:00 AM2 repliesview on HN

In theory.

In the same theory, someone would need your EC SSH key to do anything with an exposed SSH port.

Practice is a separate question.

Replies

JasonADrurytoday at 12:51 PM

Not even remotely comparable.

Wireguard is explicitly designed to not allow unauthenticated users to do anything, whereas SSH is explicitly designed to allow unauthenticated users to do a whole lot of things.

bjt12345today at 12:43 PM

SSH is TCP though and the outside world can initiate a handshake, the point being that wireguard silently discards unauthenticated traffic - there's no way they can know the port is open for listening.