So, I have a desktop that has a single-core/2-threads Pentium 4 CPU @ 2.4 GHz and a much newer desktop with an i7 CPU. The older desktop was one that I found on the streets in my neighborhood and that I later fixed and started to play around with it and decided to install Gentoo on it (just because). It’s CPU is also so old that it thankfully doesn’t have Intel MME. I have also put my older desktop in such a place where I could keep it on for 24/7 (without the risk of it overheating or bothering anyone even when emerging packages).
So, as I was installing Gentoo on it, I figured that I could also use it as an SSH file server and put it behind a VPN (which I could install on my newer i7 desktop (which I could install Debian onto)).
Now, since I wasn’t intending to use my Pentium desktop as a file server, I didn’t select the hardened profile (and switching profiles would probably take a very long time). So, I was wondering, would this be much of a security concern in my case?
I doubt it’s an elevated risk, if you install updates and patches regularly. Make sure the VPN allows port forwarding only to whichever specific port you’re running SSH on (ideally you want a random, non-default port that’s not associated with a specific service).
@viking @KseniyaK Fail2ban and port knocking can be used for further security https://wiki.installgentoo.com/wiki/Home_server/Remote_access#Port_Knocking