Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Securing SSH port of Cloudron

Scheduled Pinned Locked Moved Support
sshsecurity
4 Posts 4 Posters 340 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W Offline
    W Offline
    why42
    wrote on last edited by girish
    #1

    Hi there,
    I would like to ask the experts here regarding securing the SSH port of my Cloudron.
    According to https://cloudron.io/documentation/security/ I changed the SSH port from 22-->202 and I installed SSHguard instead of file2ban. So I would like to ask if this seems to be enough for a basic security line for the SSH access or if I should do more like installing file2ban additionally or do something else.
    Thanks in advance for some hints.

    murgeroM 1 Reply Last reply
    1
  • murgeroM Offline
    murgeroM Offline
    murgero App Dev
    replied to why42 on last edited by
    #2

    @why42 Go back to 22, reinstall fail2ban, then secure the port by using Private key authentication.

    I suppose you can keep sshguard, but still configure for private key auth.

    Also, Using a port so close to 22 like 202 will do nothing to people scanning your ports in ranges (IE 1 - 2000 which will find that port anyway). So just leave it on 22 and only allow logins with Private keys (this will prevent brute forcing and private keys will take millions of years to decipher with a VERY good password protected key.)

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

    1 Reply Last reply
    1
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #3

    @why42 The most important thing is to make sure you are using ssh key authentication and not password based auth. Moving to port 202 is helpful because there are way too many bots out there which just spam port 22. Personally, all my servers are on port 202 because the logs get flooded with bots non-stop.

    W 1 Reply Last reply
    2
  • W Offline
    W Offline
    will
    replied to girish on last edited by
    #4

    @girish I second this

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.