it-systeme
christoph ender it operations · networking · software development
about
Hi there! These pages are intended to share notes and
experiences from my work as an IT freelancer – yes, you
can hire me – working in OPs, networking and development.
contact
latest blog entry: “wireguard-before-ssh”
It's time. After several incidents – terrapin, openssh/xz and the signalhandler/race-condition – all within the timespan of a single year, I've started rolling out servers which have their ssh port bound to a wireguard interface. Which means that without authenticating and connecting via wireguard first, the ssh port is not accessible from the public internet.