Comment Re: "Out of the box" linux is pretty secure (Score 1) 139
I allow SSH with key based auth, no passwords.
I can't restrict it to specific source addresses without considerable inconvenience (travelling, dynamic addresses etc), even if i do that wouldn't be terribly useful as several of the source addresses i regularly use are CGN and shared by thousands of other people.
Remote administration is required, SSH with keys is as reasonable a method as any other
Until there's a zero-day in OpenSSH, and your hosts are compromised without any authentication being required.
and provides more convenience and performance than the added overhead of a vpn over the top.
Sure, so you chose convenience over security.
Maybe that's a reasonable choice in your environment. In many, it isn't.