How to Use SSH Public Key Authentication

Public key authentication is a way of logging into an SSH/SFTP account using a cryptographic key rather than a password.

If you use very strong SSH/SFTP passwords, your accounts are already safe from brute-force attacks. However, public key authentication provides many benefits when working with multiple developers. For example, with SSH keys you can allow multiple developers to log in as the same system user without sharing a single password between them; revoke one developer's access without revoking the others'; and make it easier for a single developer to log in to many accounts without managing many different passwords.
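The per-developer revocation described above works because each developer's public key is one line in the account's authorized_keys file, tagged by its comment field. The following added example (not vpsmodel's or ServerPilot's code) parses that file, checks that each entry's declared key type matches the type embedded in its key blob, fingerprints entries the way `ssh-keygen -l` does, and removes one developer's key while leaving the others in place. The keys it embeds are constructed placeholder bytes, not real key material.

```python
"""Per-developer key management for an OpenSSH authorized_keys file.

Added example, not vpsmodel/ServerPilot code. Assumes the standard line
layout: [options] key-type base64-blob [comment], with the comment used as
the developer tag so one developer's line can be revoked on its own.
"""
import base64
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


@dataclass
class AuthorizedKey:
    options: Optional[str]   # e.g. 'from="203.0.113.0/24",no-pty', or None
    key_type: str
    key_b64: str
    comment: str             # developer tag

    def to_line(self) -> str:
        parts = [self.options] if self.options else []
        parts += [self.key_type, self.key_b64]
        if self.comment:
            parts.append(self.comment)
        return " ".join(parts)


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _blob_key_type(key_b64: str) -> str:
    """Key type stored inside the blob (its first SSH string)."""
    blob = base64.b64decode(key_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")


def parse_line(line: str) -> Optional[AuthorizedKey]:
    """Parse one line; None for blanks and '#' comments, ValueError if malformed."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError(f"unrecognised authorized_keys line: {line!r}")
    options = " ".join(tokens[:idx]) or None
    key_type, key_b64 = tokens[idx], tokens[idx + 1]
    # The declared type and the type inside the blob must agree.
    if _blob_key_type(key_b64) != key_type:
        raise ValueError(f"key type mismatch on line: {line!r}")
    return AuthorizedKey(options, key_type, key_b64, " ".join(tokens[idx + 2:]))


def parse_authorized_keys(text: str) -> List[AuthorizedKey]:
    return [k for k in map(parse_line, text.splitlines()) if k is not None]


def fingerprint(key: AuthorizedKey) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key.key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def revoke_developer(keys: List[AuthorizedKey], developer: str) -> List[AuthorizedKey]:
    """Drop every key tagged with this developer; other developers are untouched."""
    remaining = [k for k in keys if k.comment != developer]
    if len(remaining) == len(keys):
        raise KeyError(f"no key tagged {developer!r}")
    return remaining


def render(keys: List[AuthorizedKey]) -> str:
    return "".join(k.to_line() + "\n" for k in keys)


# Constructed sample data: syntactically valid lines around dummy 32-byte keys.
def constructed_ed25519_line(developer: str, fill: int, options: str = "") -> str:
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([fill]) * 32)
    prefix = options + " " if options else ""
    return f"{prefix}ssh-ed25519 {base64.b64encode(blob).decode()} {developer}"


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy user: one line per developer",
    constructed_ed25519_line("alice@laptop", 0x01),
    constructed_ed25519_line("bob@desktop", 0x02, options='from="203.0.113.0/24",no-pty'),
    "",
])

if __name__ == "__main__":
    keys = parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    for k in keys:
        print(fingerprint(k), k.comment)
    print(render(revoke_developer(keys, "bob@desktop")))
```

Revoking by comment only works if every line carries a unique developer tag, which is why the parser refuses lines it cannot fully interpret rather than passing them through untouched.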

Our team has a strong security background. Security research published by our team members includes identifying vulnerabilities in Linux package managers, designing secure software update systems, and securing browsers against CSRF exploits. If you have security questions or encounter any issues, please contact us.

Your Servers

ServerPilot uses the most advanced security architecture of any control panel to ensure the security of your servers.

Software Updates

All servers managed by vpsmodel are configured to be automatically updated with security updates from the Ubuntu security repositories as well as the ServerPilot repositories. These updates are signed with the Ubuntu and ServerPilot GPG keys, respectively.

Code Signing

All vpsmodel code executed on your servers is signed offline with our GPG key. The signature is checked by your server before any code is executed.

Communications

All communication with vpsmodel performed by your servers is done over TLS encrypted connections.

The vpsmodel apt repositories are also served over HTTPS using TLS.

Password

When you set system user passwords or MySQL passwords using vpsmodel, we hash those passwords in the appropriate format and transmit them in hashed format to your server over a TLS encrypted connection.

Your vpsmodel account password is hashed using the industry standard Argon2id. We do not store passwords in plain text.

Firewalls

vpsmodel configures an iptables network firewall on your servers. This firewall only allows TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS), and UDP port 68 (DHCP).
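To make the stated policy checkable rather than just described, here is an added example (not vpsmodel's or ServerPilot's tooling) that renders that allow-list as an iptables-restore ruleset and audits an `iptables -S INPUT` listing against it, reporting any ACCEPT rule for a port outside the list or a default policy other than DROP. The listing it checks is constructed sample output.

```python
"""Render and audit the inbound firewall policy: TCP 22/80/443 and UDP 68.

Added example, not vpsmodel/ServerPilot code. The sample listing below is
constructed to look like `iptables -S INPUT` output, not captured from a server.
"""
import re
from typing import Dict, List, Set

ALLOWED: Dict[str, Set[int]] = {"tcp": {22, 80, 443}, "udp": {68}}


def render_ruleset(allowed: Dict[str, Set[int]] = ALLOWED) -> str:
    """Default-deny INPUT with only the listed ports opened.

    Loopback and established/related traffic are accepted so that the
    server's own outbound connections (updates, TLS to the control panel)
    keep receiving replies.
    """
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for proto in ("tcp", "udp"):
        for port in sorted(allowed[proto]):
            lines.append(f"-A INPUT -p {proto} --dport {port} -j ACCEPT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


# Matches `iptables -S` style rules that accept a single destination port.
RULE_RE = re.compile(r"^-A INPUT .*-p (tcp|udp) .*--dport (\d+) .*-j ACCEPT$")
POLICY_RE = re.compile(r"^-P INPUT (\w+)$")


def audit_input_chain(listing: str, allowed: Dict[str, Set[int]] = ALLOWED) -> List[str]:
    """Return one finding per line that the policy does not permit."""
    findings: List[str] = []
    for raw in listing.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) != "DROP":
                findings.append(f"INPUT default policy is {m.group(1)}, expected DROP")
            continue
        m = RULE_RE.match(line)
        if m:
            proto, port = m.group(1), int(m.group(2))
            if port not in allowed[proto]:
                findings.append(f"unexpected open port {proto}/{port}: {line}")
    return findings


# Constructed sample of `iptables -S INPUT`; the last rule is outside the policy.
SAMPLE_LISTING = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
"""

if __name__ == "__main__":
    print(render_ruleset())
    for finding in audit_input_chain(SAMPLE_LISTING):
        print("FINDING:", finding)
```

The audit only recognises single-port ACCEPT rules and the chain policy; multiport or interface-scoped rules would need their own patterns, so an empty result means "nothing this checker understands is wrong", not a full verification.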

Public-Facing Web Server

vpsmodel configures Nginx with OpenSSL as the public-facing web server on your server. OpenSSL is used by the majority of the world's HTTPS websites to perform TLS encryption. Nginx resists Slowloris attacks because it uses an event-driven (asynchronous) model rather than dedicating a thread or process to each connection.

Mail

vpsmodel configures the Postfix mail server on your servers. This mail server is used only by your web applications to send outbound mail. It is not configured to accept mail from outside your server, and the firewall is not opened to allow outside communication with the mail server.

Secure Shell and File Transfer

Your servers are configured with SSH/SFTP for you to access your servers. We do not enable insecure FTP on your servers.

Our Systems

We use best practices combined with decades of server and network administration experience to keep our systems secure. Our team includes sysadmins who helped early Amazon and other large companies grow successfully and securely.

Access Control

We use enterprise-grade security to isolate and control access to our internal networks.

Credit Cards

We use Stripe credit card and payment processing. Credit card numbers are never transmitted to or stored on our servers.