Contabo Security Defaults Encourage Using SSH Passwords

https://jamesoclaire.com/2025/09/12/contabo-defaults-encourage-using-ssh-passwords/

10•ddxv•4mo ago

Comments

ddxv•4mo ago

My recent thoughts when trying Contabo for the first time.

PaulKeeble•4mo ago

When I used Contabo I had to harden this aspect immediately. Stopped root logins and passwords and made a separate user with a key. Its a really bad default setup from a security point of view.

I had issues with performance as well. I could never explain why I couldn't utilise the bandwidth fully it would only work in very short bursts and very quickly was throttling the connection. The problem is the workload I had I needed that peak bandwidth once every 2 weeks for a day and then it would mostly be idle and all of the usage was outside of peak but still the bandwidth got throttled consistently and I moved to netcup.

ddxv•4mo ago

Yeah, I saw they have the typical note that they reserve the right to throttle any CPU/traffic as needed. But I guess if they don't have sophisticated rules for throttling they have both edge cases like yours where they are overly strict and still other loopholes that can be abused.

hobobaggins•4mo ago

Too bad Userify is too expensive for a lot of VPS-style projects (free for less than five instances, but we blow through that pretty fast most of the time)

sam_lowry_•4mo ago

Fear of passwords is some kind of cargo cult nowadays.

Irrational and exploited by vested interests.

ddxv•4mo ago

Hmm, I don't know if I agree, but I'm open to hearing more. The public/private keys (which means you can copy past them in chats/emails) is pretty useful.

Also, what do you mean by 'exploited by vested interests'? You think keys are pushed by some organization exploiting them?

TheNewsIsHere•4mo ago

I wonder if they’re conflating the push for FIDO2 credentials as Passkeys with the general problems of using passwords.

Passwords are perfectly fine in theory. It’s when you put humans in the loop that they become a headache.

ASalazarMX•4mo ago

> The public/private keys (which means you can copy past them in chats/emails)

God please don't do that to private keys, you might as well just copy a password and save some work.

ddxv•4mo ago

No, of course not. The reference to pasting a public key into an email is in reference to Contabo asking that we copy paste our ip/username/password over email for them to 'troubleshoot'. If the server had been setup with public keys and they really needed our help to access at least they could have just sent their own public key safely over email.

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

Haskell for all: Beyond agentic coding

SectorC: A C Compiler in 512 bytes (2023)

Speed up responses with fast mode

Software factories and the agentic moment

Total surface area required to fuel the world with solar (2009)

Brookhaven Lab's RHIC concludes 25-year run with final collisions

LLMs as the new high level language

Hoot: Scheme on WebAssembly

Stories from 25 Years of Software Development

Vocal Guide – belt sing without killing yourself

First Proof

Vouch

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Wood Gas Vehicles: Firewood in the Fuel Tank (2010)

Why there is no official statement from Substack about the data leak

Al Lowe on model trains, funny deaths and working with Disney

Show HN: A luma dependent chroma compression algorithm (image compression)

FDA intends to take action against non-FDA-approved GLP-1 drugs

Start all of your commands with a comma (2009)

Homeland Security Spying on Reddit Users

The AI boom is causing shortages everywhere else

I write games in C (yes, C) (2016)

Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs?

Selection rather than prediction

Learning from context is harder than we thought

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Where did all the starships go?

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Reinforcement Learning from Human Feedback

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

Haskell for all: Beyond agentic coding

SectorC: A C Compiler in 512 bytes (2023)

Speed up responses with fast mode

Software factories and the agentic moment

Total surface area required to fuel the world with solar (2009)

Brookhaven Lab's RHIC concludes 25-year run with final collisions

LLMs as the new high level language

Hoot: Scheme on WebAssembly

Stories from 25 Years of Software Development

Vocal Guide – belt sing without killing yourself

First Proof

Vouch

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Wood Gas Vehicles: Firewood in the Fuel Tank (2010)

Why there is no official statement from Substack about the data leak

Al Lowe on model trains, funny deaths and working with Disney

Show HN: A luma dependent chroma compression algorithm (image compression)

FDA intends to take action against non-FDA-approved GLP-1 drugs

Start all of your commands with a comma (2009)

Homeland Security Spying on Reddit Users

The AI boom is causing shortages everywhere else

I write games in C (yes, C) (2016)

Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs?

Selection rather than prediction

Learning from context is harder than we thought

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Where did all the starships go?

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Reinforcement Learning from Human Feedback

Contabo Security Defaults Encourage Using SSH Passwords

Comments