Data security in the Nextcloud App with access to the Ubuntu server

dieter

Hello, everyone,

I am just starting to run my own server.
This server is currently only supposed to provide a Nextcloud via Cloudron.
The Ubuntu VCS server is from a Hoster.
I have used a finished image of the Hoster incl. Cloudron for installation.

Tl;dr
How do I protect the local data on the Nextcloud server from third party access? The internal Nextcloud encryption does not seem to be a good solution.

I am currently unsure about the security of the data in the Nextcloud App. For two reasons:

In the settings of the Nextcloud I have activated the encryption. Also the local encryption. I thought that this would also make the data safer from third parties. But the following paragraph in the Nextcloud documentation makes me doubt it:

Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

source:
https://docs.nextcloud.com/server/18/admin_manual/configuration_files/encryption_configuration.html#before-enabling-encryption

Furthermore I found the following function in the manual of my Hoster:

"Access

With Linux you can set a new root password at any time
On the "Access" page you can request a new password for the root user of a Linux server at any time.

We have developed this function for you to enable you to access your system even in the "worst case".

Due to the way our system works, your server must be switched off, the hard disk must not be encrypted, and the operating system used must be a Linux derivative in any case.

But don't worry: The hard disk of your server is only accessed once for changing the password. Further changes or even reading processes are excluded. The new password will be shown to you once and will not be saved by us".

What do you think about this and how does it behave in interaction with Cloudron?
Do I understand correctly that, with access to the server, you can get the keys and thus easily decrypt the data?
If so, does Cloudron mitigate the problem because of its app structure?

My Hoster does not make the problem any better with his function to change the root password...

Do you have a solution for this? The recommended hard disk encryption requires the decryption password to be entered at every reboot and is therefore impractical. Or is there a trick here?

Thanks in advance!

Greetings

René

will

@dieter On my Cloudron instance I have my Linux disk encrypted. Yes, kind of a pain in the ass entering it on each reboot, but thats the price you pay for security sometimes.
Cloudron does a decent job of implementing security controls on the ubuntu host. There is a project to take that even further and REALLY lock it down. Take a look through my post history to find it if you're curious.

nebulon

An important first line of defense here is to prohibit SSH login via password, but using keys instead. You can read up on how to do this for your Cloudron instance at https://cloudron.io/documentation/security/#securing-ssh-access
This page also contains further information about how to harden your setup, so it might be worth it to read the whole document.