Nvidia Shield. The regular version is $150 US and from what I understand it gives flawless playback. I have the pro version which is more powerful, but that’s specifically for running games.

It’s Android TV OS, so app selection is great. You can load Smart Tube Next on there to get YouTube without ads, and there’s a very solid Jellyfin app. You can also use Kodi for local direct playback. Remote is perfectly functional, and you can use an app to rebind most of the keys.

This is the selfhosted community; Who are you training? In most cases there’s literally only one person who would ever need SSH access to this server. Maybe two or three in a tiny handful of cases, but anyone who can’t figure out Netbird in 30 seconds absolutely should not be accessing anything via SSH.

And you’ve clearly never used Netbird, Tailscale, or any similar service, if you think that update, maintenance and config constitute any kind of meaningful burden, especially for something as simple as remote access to a VPS.

We’re in selfhosted. If you have to bring up use cases that are in no way relevant to 99% of self hosters to justify your argument, you don’t have an argument.

A lot of things are “fine”, but the cost of adding Netbird to your VPS is effectively zero, whether counted in dollars, time, or convenience.

Given the massive security benefits of using a VPN, and the lack of any meaningful downside to doing so, you’d be an idiot not to.

And mine. Clearly one of us is better at it.

You seem like a fan of the “pull out” method.

This is the correct answer. Never expose your SSH port on the public web, always use a VPN. Tailscale, Netmaker or Netbird make it piss easy to connect to your VPS securely, and because they all use NAT traversal you don’t have to open any ports in your firewall.

Combine this with configuring UFW on the server (in addition to the firewall from the VPS provider - layered defence is king) and Fail2Ban. SSH keys are also a good idea. And of course disable root SSH just in case.

With a multi-layered defence like this you will be functionally impervious to brute force attacks. And while each layer of protection may have an undiscovered exploit, it will be unlikely that there are exploits to bypass every layer simultaneously (Note for the pendants; I said “unlikely”, not “impossible”. No defence is perfect).