If you insist on using passwords, make sure you at least install something like fail2ban or denyhosts to block the compromised machines which are hammering your server trying to guess passwords. Clients can see which authentication methods are allowed so they know which machines to attack (i.e., yours, if you allow passwords).
I use a gpg smartcard to log into SSH. That way I don't need a password (technically, the smartcards reader wants the PIN, but the computer sees no PIN) and the key can't be stolen easily.
One can simply start an openssh-server on localhost with some unused port for testing. There is no need for the internet, other computers or let alone other computers from somebody else over the internet for that.
Yeah I'm sure they are running linux. Actually just have them build openssh from source first. Much easier then signing up for GitHub and following their guide to do a test push for a litmus test.
Yeah, it is security through obscurity, I do it anyway on my Internet facing systems because then I don't have to bother with most automated SSH Scanners.
The general advice I've seen is to not host your own server. But I think it would be a great learning experience. If you cover the basics, is your server still extremely vulnerable?
Yep, you should definitely host your own server. And build your own Linux distro. And your own computer. Then weave your own cloth, sew your own clothes, cobble your own shoes. Build a car. Buy some land. Build a house. Move to the country. Raise chickens. Till and sow land. Get off the grid. Abandon the modern world.
It's perfectly possible to drive a car without building one, or to become technically proficient without hosting your own server. If you DIY something, you may learn a lot about it, but it won't make you any better at the thing you actually wanted to do with it.
It is not about learning everything by doing it yourself from scratch. Hosting a service yourself on your own server is becoming simpler and simpler by the day. Capable hardware is cheaply available in the form of single board computers and projects like Freedombox[0] and Yunohost[1] make the hosting part simple for the services they preconfigure.
I don't know why you write such a confrontative comment. Hosting your server is important to have control over your data. You don't need to build your own Linux distro for that...
Yup, I have an Odroid X running Ubuntu (I couldn't find a Debian that was set up to run on it). It's my mail server, apache server, has an outward facing SSH server, and acts as a sensor data logger. It's pushed pretty much as far as it will go, for a little system like that, with a fairly high load average at times.
Recently had a power cut that killed the system, but rather than reinstall I poked around for a few hours until I discovered the bootloader's zImage had been corrupted. Copied another over from the original install image, and away it went.
When I find myself a decent job, I'll dedicate a more powerful system to the task, maybe virtualize a few of the servers.
Fun projects, although there are many head-hit-keyboard moments in setting it up.
I have an A20-Olinuxino-Micro with a battery, so the device can cleanly shutdown when power is lost.
I strongly recommend only buying devices that are compatible with Debian main, or mainline Linux at least. Usually I just check if it's compatible with Debian main, and if it's not, I move on. The latest shiney SoC is not worth the software pain caused by uncooperative manufacturers.
First of all, it wasn't a confrontational comment, it was irony.
And no, self-hosting does not help you control your data. Control would imply some kind of access control or lock, which all hosted services provide. Privacy would imply encryption, which you should be applying to your self-hosted service's files anyway, and can also apply to a hosted service.
It came off as confrontational to me..., and I don't see the irony (may be poor choice of word on that though, reductio ad absurdum perhaps?)
I would think someone working in marketing at American Apparel or some fashion magazine or something could get something useful in weaving their own cloth or sewing their own clothes. Similarly towards someone reading Hacker News and running their own server.
It was confrontational because you ridiculed a point of what I said by extremely overdoing it.
Even the part you ridiculed — which wasn't the main point — is important. Learning and figuring stuff out by doing it yourself is very important. One doesn't need to go to the absurdly extreme like you ironically promoted.
I host my own server and virtually only I have access to it. Clearly, that gives me privacy to a large degree.
Not host your own hardware or not get a dedicated server? Whether you host your own hardware in your home or rent a dedicated server, you are still responsible for proper security. Renting a VPS is a different story, you are relying on the hosting company to properly setup security for the guests. At least when you can run on bare metal, you can audit yourself. If I need to be able to quickly scale and do other "cloud computing" things, running EC2 or similar instances is pretty much the only way but if I need some real security, hosting on my own is the best option.
You can make a very secure system by hosting it yourself. Do you need a very secure system? Or do you just need to know that you need a firewall, and to manage your credentials securely, and to segregate applications' security domains, and do filtering of inputs, and blocking of brute force attacks?
You probably just need to learn about security, and learning to host yourself is not the same thing.
When you say "Disable password login via ssh", what is going to be the login method from this point onwards? Via a personal certificate? Tks