I don’t get why people leave interfaces the public doesn’t need access to open to the public – especially SSH.
Use a VPN if you need access to those interfaces from the “outside”. They’re stupidly easy to set up these days, particularly with Wireguard.
I was working with a buddy on a “startup” that was more of a hobby than anything (and didn’t go anywhere). The early prototypes were controlled by Arduino and Pis early on – ease of software development was key as we experimented with and dialed in the hardware. The later prototypes used an ESP32 though, because we’re aren’t idiots.
I’m a hobbyist at best: it kills me that there are well paid “professional embedded software engineers” out there that can’t work with actual embedded hardware. All I could think of was this article on electrical engineers that can’t solder. The complete lack of real world, hands on experience with the hardware blows my mind.
Defense in depth – maybe I’m paranoid, but just because something is unlikely doesn’t mean an extra layer of security isn’t advantageous. Particularly when I already have a VPN, so there’s little reason not to use it.
Plus, my logs are easily checked as a side effect.