Security Ubuntu
-
Hello,
I'm thinking of subscribing to your solution. I'd like some clarification about security. I already have vps with contabo. it seems to me that your service is already compatible.
after the creation of the installation of a vps, there is necessarily a root account to create. which in time is not a good practice.
- are any unbuntu security measures taken after cloudron installation?
- change root,
- port blocking,
- modify ssh port,
- setting up a failtoban?
- system or packet updates?
the goal for me is to free myself from system administration.
thanks -
Just to make sure, did you see this?
https://docs.cloudron.io/security/ -
yes, but reading is long and sometimes a bit technical for me. that's why i'd like to be reassured.
so following this drive, we don't change the root, but you recommend changing the ssh port and not using SSH key authentication?
Do you have a tutorial on this subject? I didn't see it in the documentation. Unless I skipped a few lines.
Thanks for your reactivity -
port blocking
Yes Cloudron does come with an integrated firewall which manages it self.
modify ssh port
This is useless and only deters the most basic script kiddies.
Every port scanner will still find the open ssh port.fail2ban
https://docs.cloudron.io/security/#fail2ban
system or packet updates
https://docs.cloudron.io/security/#updates
the goal for me is to free myself from system administration
When self hosting you will never be fully "free" of system administration.
But Cloudron does take a lot of your shoulders.Setting up ssh key based authentication and disabling root is explained one google search away for example:
https://www.cyberciti.biz/faq/how-to-disable-ssh-password-login-on-linux/ -
I recommend following the two steps in the post installation - https://docs.cloudron.io/installation/#firewall-setup . i.e if you have a Cloud firewall open/close ports there and also secure ssh access with ssh keys and disable password login.
-
Thank you very much.
When self hosting you will never be fully "free" of system administration.
what are the "remaining" tasks you are talking about?
@ode59 IT stuff like configuring apps, figuring out how apps work, figuring out which apps you need, maybe setting up interconnections between apps. in any case, instead of talking in abstract, it's best you try to actually use it and see how you like it
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
-
Hello,
I'm thinking of subscribing to your solution. I'd like some clarification about security. I already have vps with contabo. it seems to me that your service is already compatible.
after the creation of the installation of a vps, there is necessarily a root account to create. which in time is not a good practice.
- are any unbuntu security measures taken after cloudron installation?
- change root,
- port blocking,
- modify ssh port,
- setting up a failtoban?
- system or packet updates?
the goal for me is to free myself from system administration.
thanks@ode59 said in Security Ubuntu:
the goal for me is to free myself from system administration.
In short, you're in the right place.
One very rarely has to SSH into one's server to do anything with Cloudron as nearly everything is handled by Cloudron.
