I was not aware about the ta.key file, that sounds interesting indeed.
I've been using ssh for a number of years, and am familiar with local, remote, and dynamic port forwarding.
Can you elaborate on what you mean by 'quite a bit of damage'?
I'm assuming you mean something other than what any rogue host could do with access to a freely available port.
I may not have worded my question correctly when I asked about entry points.
Earlier in the thread, I read Heracles' post to mean that a VPN was fundamentally a more secure method to establish an encrypted connection.
I was trying to ask specifically about that, as I'd always assumed that a VPN or SSH would be roughly equivalent given the same keylength.
Also, the comment about a single SSH flaw opening the can of worms.
I think I may have misunderstood the point, and that Heracles was pointing out the inherent risk of connecting directly to the FN server via port forward, DMZ, or direct placement on a publicly accessible IP.