Server Internet Exposure Risks
Comments debate the dangers of directly exposing servers and services like SSH to the public internet, recommending alternatives such as VPNs, firewalls, localhost binding, and SSH tunneling for better security.
Sample Comments
this kind of stuff shouldn't be exposed to the open internet. use an internal network with vpn or at the very least look at something like Cloudflare Access.
Meant as a parable. If server access is that strong, could it be better protected by equivalent of 2 factor auth?
Instead of directly exposing the server to the internet, you could keep it behind a VPN. That way you only need to keep the VPN secure, the VPN serves as a whitelist.
I mean.. why aren't they using a vpn and restricting external access at the firewall?
A) since you have a relationship with Rackspace, why not rackspace cloud? B) Unless this is a multi user system with the most likely vector of attack is your application itself not system level. Having said that here are some common tips: run ssh on a nonstandard port, Restrict who can log in via ssh (PermitRootLogin no) and only allow a few people remote access (AllowUsers foo bar) install a firewall (iptables) that blocks all ports except the ones you need publicly available (probably 80,
Instead of exposing them directly to the Internet, have them bind only to localhost. Then run an SSH server so that people can tunnel through it to the ports, and prevent brute force logins by configuring the SSH server to only use public-key authentication.
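As an added example (not part of any comment on this page), the following Python sketch checks the settings named in the two comments above: `PermitRootLogin no`, an `AllowUsers` list, public-key-only logins, and services bound to localhost. The function names, the sample config, and the listener list are constructed for illustration; `Include` files and conditional `Match` blocks are assumed out of scope.

```python
import ipaddress

# Constructed sample config, not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
Port 2222
PermitRootLogin no
# sshd uses the first value it reads, so the later "no" below has no effect.
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers foo bar
Match User backup
    PasswordAuthentication yes
"""

def effective_global_settings(text):
    """Return {keyword: value} for the global section; first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key == "match":
            break  # simplification: conditional Match blocks are not audited
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit_sshd(text):
    """List deviations from the tips above, using OpenSSH defaults when a directive is absent."""
    s = effective_global_settings(text)
    findings = []
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no': password guessing is possible")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication is disabled: key-only login cannot work")
    if s.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    if not s.get("allowusers"):
        findings.append("no AllowUsers list: any account may attempt login")
    return findings

def exposed_listeners(listeners, public_ports):
    """Return (address, port) pairs bound off-loopback that are not meant to be public."""
    return [(addr, port) for addr, port in listeners
            if not ipaddress.ip_address(addr).is_loopback and port not in public_ports]

if __name__ == "__main__":
    print(audit_sshd(SAMPLE_SSHD_CONFIG))
    # Constructed listener list: only the SSH port (2222) is meant to be public.
    print(exposed_listeners([("127.0.0.1", 5432), ("0.0.0.0", 6379), ("0.0.0.0", 2222)], {2222}))
```
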
You might not want to expose stuff on the public internet, you know
This is correct answer. No reason to expose ssh to the internet.
Would this involve "the usual" dangers of someone hacking the in-your-house server?
Great news, and very good work, thanks for sharing. One thing that I am concerned about (or have questions about), is how would you make sure you are not exposing the service to outside, so that when the laptop is on a coffee shop network others can query the credentials? I mean, it often happens that a developer needs to expose a webserver they are running to outside to showcase something or demo or .... It is not very hard to make a mistake and expose everything right?