I understand this, but this is inconsistent behavior. You now use 22 inside your network and something else outside. Whenever you create inconsistent behavior, everyone using it has to have an awareness of all these inconsistent behaviors.

Also, it is hard to troubleshoot because the tool most admins would want to use (netstat) will not give you useful information to understand the situation.

If you change it, definitely change it on the server so it shows up in netstat and is consistent.

The idea behind keys is always, that keys can be rotated. Vast majority of websites to that, you send the password once, then you get a rotating token for auth.

Most people don’t do that, but you can sign ssh keys with pki and use that as auth.

Cryptographically speaking, getting your PW onto a system means you have to copy the hash over. Hashing is not encryption. With keys, you are copying over the public key, which is not secret. Especially managing many SSH keys, you can just store them in a repo no problem, really shouldn’t do that with password hashes.

This is mostly nonsense.

• Why block outgoing? Its just going to cause issues for most people. If you’re going to do that, do it centrally (hw firewall)
• Why allow http and NTP incoming, when there is no http / NTP server running.
• If there is http server running no mention of https://ssl-config.mozilla.org/ and modsecurity
• If you’re using ufw anyway why not go with applications instead of ports?
• In a modern distro, the defaults are usually sane (maybe except TCP), most of the stuff in the SSH config is already default.
• Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
• Actually potentially impactful stuff like disabling services you don’t need, such as cups, is not mentioned
• unattended-upgrades not mentioned
• SELinux / AppArmor not mentioned
• LKRG not mentioned https://lkrg.org/
• Fail2ban not mentioned

Don’t just copy random config from the internet, as annoying as it is, read the docs.

Every person and institution saying that is what enables fascism.

Its funny because the largest holder of US debt is social security. So most of the debt is owed to the workers. You are paying the money back you borrowed in the first place.

Your requirements are really unclear.

• how many houses
• how far are they apart (latency)
• what is their internet connection like? up/downstream? Static IP? Is it stable?
• how are they supposed to access the data?
• what kind of data is it, and what is the access pattern? Meaning, is it text files? Occasional pictures? Movies?
• how much data do you need in total (yours+others)

Over time, it will destroy large parts of the park.

There is a reason it’s included though. Stuff like fmod, bink video etc. does complicated things that you otherwise need to implement yourself.