    Securing SSH port of Cloudron

    • W
      why42 last edited by girish

      Hi there,
      I would like to ask the experts here regarding securing the SSH port of my Cloudron.
      According to https://cloudron.io/documentation/security/ I changed the SSH port from 22-->202 and I installed SSHguard instead of fail2ban. So I would like to ask if this seems to be enough for a basic security line for the SSH access or if I should do more like installing fail2ban additionally or do something else.
      Thanks in advance for some hints.

      • murgero
        murgero App Dev @why42 last edited by

        @why42 Go back to 22, reinstall fail2ban, then secure the port by using Private key authentication.

        I suppose you can keep sshguard, but still configure for private key auth.

        Also, using a port so close to 22 like 202 will do nothing to people scanning your ports in ranges (i.e. 1 - 2000, which will find that port anyway). So just leave it on 22 and only allow logins with private keys (this will prevent brute forcing, and private keys will take millions of years to decipher with a VERY good password-protected key).

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~
        Matrix: @murgero:urgero.org

        • girish
          girish Staff last edited by

          @why42 The most important thing is to make sure you are using ssh key authentication and not password based auth. Moving to port 202 is helpful because there are way too many bots out there which just spam port 22. Personally, all my servers are on port 202 because the logs get flooded with bots non-stop.

          • W
            will @girish last edited by

            @girish I second this

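An added example, not written by any poster in this thread and not Cloudron's code: a small Python check that reads sshd_config text and reports whether a password can still be used to log in, which is the setting the replies above single out, alongside the port(s) in use. It assumes OpenSSH's documented defaults and its rule that the first value read for a keyword wins, does not follow Include directives, and runs on a constructed sample config.

```python
import re
# OpenSSH built-in defaults for the keywords checked here.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated name that older configs still use.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")
# Constructed sample config, not taken from the thread.
SAMPLE = """\
Port 202
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, ports, settings found inside Match blocks)."""
    settings, ports, in_match, match = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value                 # everything below is conditional
        elif match is not None:
            in_match.append((match, key, value.lower()))
        elif key == "port":
            ports.append(int(value))      # Port may be listed several times
        else:
            settings.setdefault(key, value.lower())  # sshd keeps the first value
    return settings, ports or [22], in_match

def audit(text):
    """Return (ports, findings): ways a password can still be used to log in."""
    settings, ports, in_match = parse(text)
    eff = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings = [f"{k} is '{eff[k]}'" for k in PASSWORD_KEYS if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off")
    findings += [f"Match {cond} re-enables {k}"
                 for cond, k, v in in_match if k in PASSWORD_KEYS and v != "no"]
    return ports, findings
```

Feeding it the output of `sshd -T` instead of the file checks the global settings the daemon actually resolved, including any Include files.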