On Sat, Jul 13, 2024 at 02:16:12AM +0200, Christian Schulte wrote: > There is no security with those kind of setups and we > all know it. I am just glad I can run OpenBSD there.
But if you want to run internet-facing servers without exposing access to them to the VPS hosting provider, you can still make use of inexpensive VPS services running OpenBSD to tunnel connections back to a server on a home broadband connection, (which might not have a static IP, might lack IPv6, or might not allow inbound connections). As long as you control the keys and certs on the machine which is physically under your control, and you are using appropriate algorithms for authentication, then access to the upstream VPS by the provider, (or anyone else), can't be used to man-in-the-middle your connections, (without being detected).
