Contabo Security Defaults Encourage Using SSH Passwords

https://jamesoclaire.com/2025/09/12/contabo-defaults-encourage-using-ssh-passwords/

10•ddxv•4mo ago

Comments

ddxv•4mo ago

My recent thoughts when trying Contabo for the first time.

PaulKeeble•4mo ago

When I used Contabo I had to harden this aspect immediately. Stopped root logins and passwords and made a separate user with a key. Its a really bad default setup from a security point of view.

I had issues with performance as well. I could never explain why I couldn't utilise the bandwidth fully it would only work in very short bursts and very quickly was throttling the connection. The problem is the workload I had I needed that peak bandwidth once every 2 weeks for a day and then it would mostly be idle and all of the usage was outside of peak but still the bandwidth got throttled consistently and I moved to netcup.

ddxv•4mo ago

Yeah, I saw they have the typical note that they reserve the right to throttle any CPU/traffic as needed. But I guess if they don't have sophisticated rules for throttling they have both edge cases like yours where they are overly strict and still other loopholes that can be abused.

hobobaggins•4mo ago

Too bad Userify is too expensive for a lot of VPS-style projects (free for less than five instances, but we blow through that pretty fast most of the time)

sam_lowry_•4mo ago

Fear of passwords is some kind of cargo cult nowadays.

Irrational and exploited by vested interests.

ddxv•4mo ago

Hmm, I don't know if I agree, but I'm open to hearing more. The public/private keys (which means you can copy past them in chats/emails) is pretty useful.

Also, what do you mean by 'exploited by vested interests'? You think keys are pushed by some organization exploiting them?

TheNewsIsHere•4mo ago

I wonder if they’re conflating the push for FIDO2 credentials as Passkeys with the general problems of using passwords.

Passwords are perfectly fine in theory. It’s when you put humans in the loop that they become a headache.

ASalazarMX•4mo ago

> The public/private keys (which means you can copy past them in chats/emails)

God please don't do that to private keys, you might as well just copy a password and save some work.

ddxv•4mo ago

No, of course not. The reference to pasting a public key into an email is in reference to Contabo asking that we copy paste our ip/username/password over email for them to 'troubleshoot'. If the server had been setup with public keys and they really needed our help to access at least they could have just sent their own public key safely over email.

Fibonacci Number Certificates

AI Overviews are killing the web search, and there's nothing we can do about it

City skylines need an upgrade in the face of climate stress

1979: The Model World of Robert Symes [video]

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

Fibonacci Number Certificates

AI Overviews are killing the web search, and there's nothing we can do about it

City skylines need an upgrade in the face of climate stress

1979: The Model World of Robert Symes [video]

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

Contabo Security Defaults Encourage Using SSH Passwords

Comments