Contabo Security Defaults Encourage Using SSH Passwords

https://jamesoclaire.com/2025/09/12/contabo-defaults-encourage-using-ssh-passwords/

10•ddxv•4mo ago

Comments

ddxv•4mo ago

My recent thoughts when trying Contabo for the first time.

PaulKeeble•4mo ago

When I used Contabo I had to harden this aspect immediately. Stopped root logins and passwords and made a separate user with a key. Its a really bad default setup from a security point of view.

I had issues with performance as well. I could never explain why I couldn't utilise the bandwidth fully it would only work in very short bursts and very quickly was throttling the connection. The problem is the workload I had I needed that peak bandwidth once every 2 weeks for a day and then it would mostly be idle and all of the usage was outside of peak but still the bandwidth got throttled consistently and I moved to netcup.

ddxv•4mo ago

Yeah, I saw they have the typical note that they reserve the right to throttle any CPU/traffic as needed. But I guess if they don't have sophisticated rules for throttling they have both edge cases like yours where they are overly strict and still other loopholes that can be abused.

hobobaggins•4mo ago

Too bad Userify is too expensive for a lot of VPS-style projects (free for less than five instances, but we blow through that pretty fast most of the time)

sam_lowry_•4mo ago

Fear of passwords is some kind of cargo cult nowadays.

Irrational and exploited by vested interests.

ddxv•4mo ago

Hmm, I don't know if I agree, but I'm open to hearing more. The public/private keys (which means you can copy past them in chats/emails) is pretty useful.

Also, what do you mean by 'exploited by vested interests'? You think keys are pushed by some organization exploiting them?

TheNewsIsHere•4mo ago

I wonder if they’re conflating the push for FIDO2 credentials as Passkeys with the general problems of using passwords.

Passwords are perfectly fine in theory. It’s when you put humans in the loop that they become a headache.

ASalazarMX•4mo ago

> The public/private keys (which means you can copy past them in chats/emails)

God please don't do that to private keys, you might as well just copy a password and save some work.

ddxv•4mo ago

No, of course not. The reference to pasting a public key into an email is in reference to Contabo asking that we copy paste our ip/username/password over email for them to 'troubleshoot'. If the server had been setup with public keys and they really needed our help to access at least they could have just sent their own public key safely over email.

Every Failed M4 Gun Replacement Attempt

China ramps up energy boom flagged by Musk as key to AI race

Show HN: ClawBox – Dedicated OpenClaw Hardware (Jetson Orin Nano, 67 Tops, 20W)

Ask HN: AI never gets flustered, will that make us better as people or worse?

Show HN: HalalCodeCheck – Verify food ingredients offline

Student makes cosmic dust in a lab, shining a light on the origin of life

In the Australian outback, we're listening for nuclear tests

'Hermès orange' iPhone sparks Apple comeback in China

Show HN: Goxe 19k Logs/S on an I5

The async builder pattern in Rust

(Golang) Self referential functions and the design of options

Show HN: Model Training Memory Simulator

Claude Code Controller

Software design is now cheap

Show HN: Are You Random? – A game that predicts your "random" choices

Poland to probe possible links between Epstein and Russia

Effectiveness of AI detection tools in identifying AI-generated articles

Warsaw Circle

Reverse Engineering Raiders of the Lost Ark for the Atari 2600

The AI4Agile Practitioners Report 2026

Digital Independence Day

What a bot hacking attempt looks like: SQL injections galore

Show HN: FlashMesh – An encrypted file mesh across Google Drive and Dropbox

Show HN: AgentLens – Open-source observability and audit trail for AI agents

Show HN: ShipClaw – Deploy OpenClaw to the Cloud in One Click

Unlock the Power of Real-Time Google Trends Visit: Www.daily-Trending.org

Explanation of British Class System

Show HN: Jwtpeek – minimal, user-friendly JWT inspector in Go

Willow – Protocols for an uncertain future [video]

Feedback on a client-side, privacy-first PDF editor I built

Every Failed M4 Gun Replacement Attempt

China ramps up energy boom flagged by Musk as key to AI race

Show HN: ClawBox – Dedicated OpenClaw Hardware (Jetson Orin Nano, 67 Tops, 20W)

Ask HN: AI never gets flustered, will that make us better as people or worse?

Show HN: HalalCodeCheck – Verify food ingredients offline

Student makes cosmic dust in a lab, shining a light on the origin of life

In the Australian outback, we're listening for nuclear tests

'Hermès orange' iPhone sparks Apple comeback in China

Show HN: Goxe 19k Logs/S on an I5

The async builder pattern in Rust

(Golang) Self referential functions and the design of options

Show HN: Model Training Memory Simulator

Claude Code Controller

Software design is now cheap

Show HN: Are You Random? – A game that predicts your "random" choices

Poland to probe possible links between Epstein and Russia

Effectiveness of AI detection tools in identifying AI-generated articles

Warsaw Circle

Reverse Engineering Raiders of the Lost Ark for the Atari 2600

The AI4Agile Practitioners Report 2026

Digital Independence Day

What a bot hacking attempt looks like: SQL injections galore

Show HN: FlashMesh – An encrypted file mesh across Google Drive and Dropbox

Show HN: AgentLens – Open-source observability and audit trail for AI agents

Show HN: ShipClaw – Deploy OpenClaw to the Cloud in One Click

Unlock the Power of Real-Time Google Trends Visit: Www.daily-Trending.org

Explanation of British Class System

Show HN: Jwtpeek – minimal, user-friendly JWT inspector in Go

Willow – Protocols for an uncertain future [video]

Feedback on a client-side, privacy-first PDF editor I built

Contabo Security Defaults Encourage Using SSH Passwords

Comments