So i wanted to ssh into my work laptop. Because of work i leave sometimes the office and theres times i dont come back and just go home and the laptop would be on its place still on. My main idea was to just be able to ssh into it and poweroff it so the FDE config works, people there later can store it safely.
I have done most of the things to secure a ssh server:
ufw deny 22 && ufw deny 2222
remove root login
remove password login
enable public key only config
set random port
hide ip address by disabling pinging to that ip (ufw config in simple words: echo-request -j DROP)
Reading i saw that people were recommending using VPNs for accessing pcs outside home network, do i really need that or for the most part am i ok?
This is a question to ask your IT people. Any sensible company will not allow a non-corporate machine to access corporate machines or the corporate network as that would open them up to all sorts of risks.
Your laptop is likely behind your business firewall, so would require extra work to directly ssh into. some sort of VPN or reverse ssh tunnel may work. But seems overkill.
y main idea was to just be able to ssh into it and poweroff it so the FDE config works, people there later can store it safely.
You could set it up where it just powers off an hour after quitting time. Or some other set time. Or set it where it powers off after one hour of non use.
No clue what you mean by “FDE config works, people there later”
OpenSSH might drop the ball sometime, and in such case if it’s behind a self-hosted VPN then at least it can’t be exploited unless the VPN server also has an exploitable bug.
The chance is really small though, if enabling the VPN in your home device is such a hassle, you can skip it.
99.99% of the time you will not be able to ssh to your laptop directly as it doesn’t have a public IP address, that’s why you need to connect via VPN to your company network and from there you can ssh to your laptop.