logoalt Hacker News

semi-extrinsictoday at 7:38 AM0 repliesview on HN

OTOH, if you run vanilla ssh on a publicly accessible machine where only port 22 is open, sshd only allows publickey-based authentication and the only accepted key types are FIDO2/U2F hardware-backed keys, it's probably more secure again (less attack surface).