Attack surface comparison really. If the only thing exposed is ssh, or your vpn, which do you trust to have fewer vulnerabilities in the exposed authentication system?
Probably a toss up.
Now if you’re talking about exposing multiple ssh endpoints vs a single vpn endpoint, that equation changes.
But a single relatively secure endpoint……difference is pretty negligible.
Attack surface comparison really. If the only thing exposed is ssh, or your vpn, which do you trust to have fewer vulnerabilities in the exposed authentication system?
Probably a toss up.
Now if you’re talking about exposing multiple ssh endpoints vs a single vpn endpoint, that equation changes.
But a single relatively secure endpoint……difference is pretty negligible.