What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

  • Novi@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    10
    ·
    8 days ago

    I would not publicly expose ssh. Your home IP will get scanned all the time and external machines will try to connect to your ssh port.

        • drkt@scribe.disroot.org
          link
          fedilink
          English
          arrow-up
          10
          ·
          8 days ago

          If you’re going to open something, SSH is far, far more battle-tested than much other software, even popular software. Pragmatically, If someone is sitting on a 0-day for SSH, do you genuinely think they’re gonna waste that on you and me? Either they’re gonna sell it to cash out as fast as possible, or they’ll sit on it while plotting an attack against someone who has real money. It is an unhealthy level of paranoia to suggest that SSH is not secure, or that it’s less secure than the hundreds of other solutions to this problem.

          Here is my IP address, make me eat my words.
          2a05:f6c7:8321::164 | 89.160.150.164

          • pm_me_your_puppies@infosec.pub
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 days ago

            You got balls to post you public addresses like that… I mean I agree with you wholeheartedly and I also have SSH port forwarded on my firewall, but posting your public IP is next-level confidence.

            Respect.

          • Ptsf@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 days ago

            I linked a relevant vulnerability, but even ignoring that, pragmatically, you feel they’d be targeting specific targets instead of just what they currently do? (That, by the way, is automating the compromise of vulnerable clients in mass scale to power botnets). Any service you open on your device to the internet is inherently risky. Ssh best practices are, and have been since the early days, not to expose it to the internet directly.

      • adr1an@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 days ago

        Only the failed attempts could be a Denial Of Service and throw you out. So, at least add an ever increasing delay to those. Fail2ban is important.