Keeping a cloud server secure: Rackspace

If you are serious about running a server in the cloud then you need to be serious about security. This is just the same as for any server, of course; but cloud servers typically come in a ‘bare bones’ configuration in which everything, including security, is your own responsibility.

The setup we’ve described has only two ports open onto the Internet: port 22 (the SSH port) and port 3105 (for Cardbox). In principle anyone could attempt to log in to port 22, using a known or guessed username and guessing the password.

One extreme measure you could take would be to shut down the SSH daemon altogether:

service sshd stop
chkconfig sshd off

You would still be able to access your server through the ‘Console’ tab in Rackspace’s ‘cloud control’ panel, and you could turn the SSH daemon on temporarily with service sshd start if you needed to use it for maintenance – for instance, uploading or downloading files using scp or SFTP.

For more nuanced security, the key document is Securing OpenSSH on the CentOS web site. At the very least, you should prevent remote logins to ‘root’, relying instead on logging in as some other user and then using su to change to ‘root’. You could also set up public keys and prevent password-based logins altogether.
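
An added example, not from the original post or the CentOS guide: a shell check that reports whether an sshd_config still allows root logins or password logins. The function names (effective_value, audit_sshd) and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Assumed sshd_config semantics: keywords are case-insensitive, the first value
# read for a keyword wins, and lines after a "Match" line are conditional, so
# only the global section is examined. Include files are not followed.

# effective_value KEYWORD < config : prints the first global value, or "unset"
effective_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        tolower($1) == "match" { exit }             # conditional blocks start here
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    '
}

# audit_sshd < config : prints one finding per line, returns 1 if any were found.
# An unset keyword is reported too, since the compiled-in default then applies.
audit_sshd() {
    cfg=$(cat)
    rc=0
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin)
    pass=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root': set it to 'no' and use su from another account"
        rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "PasswordAuthentication is '$pass': set it to 'no' once key logins work"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the second PermitRootLogin line is ignored (first wins)
# and the PasswordAuthentication line applies only inside the Match block.
weak_sample() {
    cat <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
}
# Constructed sample with both settings explicit in the global section.
hardened_sample() {
    printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' 'PasswordAuthentication no'
}
weak_sample | audit_sshd || true
```

To check a live server, run audit_sshd < /etc/ssh/sshd_config as root; sshd -T prints the configuration the daemon actually resolves.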
