this post was submitted on 04 Jun 2026
70 points (96.1% liked)
Selfhosted
60409 readers
698 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Most people probably don't care but it can be a security risk, allowing malware to move "laterally" between all your devices. For my main devices I don't give them SSH access to each other, but I do give them SSH access to my secondary devices (like a Pi-Hole)
Unless you do something incredibly stupid, such as allowing keyless login or sharing keys (or having unencrypted keys or keys without a passphrase, seriously), I find it hard to see how that would actually happen in practice.
Even if you have a password for your ssh key, malware on your system can just wait until you enter the password.
My point is that SSH access is very powerful, and effectively means that the security of the SSH server is reduced to the security of the SSH client. If your SSH client is pwned, so is your server. If you have 10 devices each with ssh access to each other, then if any one device is pwned, all devices are pwned as well.
This is not the case for systems designed for file sharing only. For example with syncthing, if one device gets pwned, all it can do is send files to the other devices.
Sure, it's just that from my point-of-view I'd be toast anyway if anyone managed to gain that level of access.
Depending on the number of devices you have, your threat model, it can be helpful to set up a security hierarchy. So you only need to worry about securing the devices at the top of the hierarchy, and can play loose and careless with the devices lower down. That way it's less likely to lose everything due to one mistake