SSH Security Overview
Boottify enforces strict SSH security policies to protect your server infrastructure. All access requires key-based authentication — password login is disabled.
Key-Based Authentication
We use Ed25519 SSH keys for maximum security:
- Generate a key:
ssh-keygen -t ed25519 -C "your-email@example.com" - Add your public key through the control panel under Settings → SSH Keys
- Test your connection:
ssh -T your-user@your-server.boottify.com
Firewall Protection
SSH access is restricted by IP address using UFW (Uncomplicated Firewall). Only whitelisted IP addresses can establish SSH connections. To add your IP:
- Navigate to Settings → Security → SSH Access
- Add your static IP address or IP range
- Changes take effect immediately
Brute Force Protection
fail2ban monitors SSH login attempts and permanently bans IP addresses after 2 failed attempts. Additional protections include:
- MaxAuthTries: 3 attempts per connection
- LoginGraceTime: 30-second window to authenticate
- GeoIP blocking: 54 high-risk countries are blocked at the network level
Regular Key Rotation
We recommend rotating your SSH keys every 90 days. When you add a new key, remove the old one from the authorized keys list to maintain a clean security posture.