I planning to run a private media wiki server on debian(SELinux) for all my important home documents.
I would like to be able to securely access it from the outside with laptop, tablet, or even a live-CD like LPS. It seems to me I would have the smallest attack surface if I only provided SSH to the cloud and tunneled in, maybe even incorporate a port knock to prevent casual detection. I will be serving content to a known and essentially unchanging set of users. Bandwidth efficiency isn't really a factor as concurrent connections would be rare.
Is there a more secure way to access a web server? It seems the government really likes to use smart cards although I'm not sure how. What about client side browser certificates? Yubikey?
