troed

I went from Seafile to Nextcloud with family file sharing as the primary usage. I’m using the AIO docker installation without issues.

This might not help, but I never experienced the issues you had.

(I moved away from Seafile due to - in my opinion - it dying a slow death with less and less support)

Still no. Here’s the reasoning: A well known SSHd is the most secure codebase you’ll find out there. With key-based login only, it’s not possible to brute force entry. Thus, changing port or running fail2ban doesn’t add anything to the security of your system, it just gets rid of bot login log entries and some - very minimal - resource usage.

If there’s a public SSHd exploit out, attackers will portscan and and find your SSHd anyway. If there’s a 0-day out it’s the same.

(your points 4 and 5 are outside the scope of the SSH discussion)

Feel free to argue with facts. Hardening systems is my job.

This is not “the correct answer”. There’s absolutely nothing wrong with “exposing” SSH.

A few replies here give the correct advice. Others are just way off.

To those of you who wrote anything else than “disable passwords, use key based login only and you’re good” - please spend more time learning the subject before offering up advice to others.

(fail2ban is nice to run in addition, I do so myself, but it’s more for to stop wasting resources than having to do with security since no one is bruteforcing keys)

I went from Emby to Jellyfin as they started their enshittification journey. I don’t really notice it being less polished.

Ollama as a general LLM server and then LLaVa as model

I host a SearXNG instance and follow the Matrix channel. Haven’t seen anything along those lines.

The AI support doesn’t hurt you if you don’t use it - and they’ve done the right thing by making sure you can do things locally instead of cloud.

Here’s what AI does for me (self-hosted, my own scripts) on NC 9:

When our phones sync photos to Nextcloud a local LLM creates image descriptions on all the photos, as well as creating five tags for each.

It is absolutely awesome.

You want Matrix. Synapse if you intend to host for others, Conduit if you just want to host for yourself. There are quite a few different clients but I do indeed use ElementX on mobile.

That sounds problematic. Where do they detail this?

Wikipedia:

Google Safe Browsing “conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google’s servers on whether the website should be considered malicious”.

But why are random people visiting your instance?

If you were just selfhosting services for you and your family, would really browsers be flagging your site?