@levelsio One thing I don’t see talked about enough regarding tailscale is that if your VPS is compromised an attacker can then attempt to move laterally to your laptop regardless of its location since there is a direct tunnel to it. Hooking up tailscale from your home to a device on the

@tynervp @levelsio Usually restrict ssh to my home IP only at the VPS firewall so I can let myself in if my ip changes or I’m traveling. 5m cron with VPS api to update IP. Or use spiped which has added benefit of protecting against 0days on SSH which has happened in the last few years.

@marksanborn @levelsio You can set up ACL rules to avoid that.