this post was submitted on 08 Sep 2024
84 points (96.7% liked)

Selfhosted

39980 readers
447 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
84
How can I keep my forwarded port secure? (kbin.earth)
submitted 2 months ago by [email protected] to c/[email protected]
68 comments fedilink hide all child comments
 

I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks

`Status: active

To Action From

22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip`

also, minecraft is installed under a separate user, without root privlege

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 2 months ago (20 children)

Why is port 22 open? Is this on your router as well or just the server?

This is SSH, which you should pretty much never have open (to the internet! Local is fine) MC is by default 25565. You will have every bot on the internet probing that port.

[–] [email protected] 21 points 2 months ago (15 children)

Having SSH open to the internet is normal. Don't use password authentication with weak passwords.

[–] [email protected] 1 points 2 months ago (2 children)

yeah no I should have considered that. didn't lick the most secure password. will change when I get home

[–] [email protected] 17 points 2 months ago (1 children)

Don't use passwords for public SSH in the first place. Disable password authentication and use pubkeys.

[–] [email protected] 9 points 2 months ago

And disable ssh to root. Hell, just disable root login altogether and use sudo.

load more comments (12 replies)
load more comments (16 replies)