Community thoughts on securing shared hosting/seedboxes?

Hello all, just wondering in general what people might be doing to secure or in general set up rclone mounts on seed boxes (mostly for Plex use).

I set up an encrypted config but obviously had concerns even typing in that password (not to mention that there might be some other way to get to my mounts?)

thanks

hi,
well, it depends on the type of seedbox, shared, kvm, docker.

that is always going to be a problem.
and if the mount is running, then the intruder can access the file in the rclone mountpoint

fwiw,

my seedbox uses full kvm, so the only concern is an employee of the seedbox.

one use for the seedbox is to rclone copy backup files from wasabi to aws s3 deep glacier.
if someone got a copy of all the files, i would not be too concerned.
the reason is that the source files are already encrypted, veeam, 7z, etc..

and even if someone got the rclone config, again, not too concerned.
if you enable 2FA/MFA tokens on the cloud provider,
then the rclone config password is not enough to access the files in the cloud.
which wasabi and aws s3 has support for.

so to run rclone on seedbox, to access files, would need to type the password,
and then most likely, from your cellphone, keepass etc, create the six digit token and then type that into the seedbox terminal.

In this case it happens to be gdrive (crypted) - I guess the answer is just to manually re-authenticate often

But good point on a kvm seed box, which one do you use?

I guess enabling MFA is really the answer - if annoying but if I'm logging in manually anyway every so often

for the seedbox part of it, i use the cheapest plan shared box from seedbox.io.
very basic, no ssh, rutorrent, access files over sftp, webdav, can use openvpn

as for cloud vm using kvm that i currently use.
--- black.host - cheapest plan, root, runs jellyfin/emby.
not newbie friendly at all, but cannot complain for $2.99/month
--- hetzner, cheapest vm, root, runs jellyfin/emby

both cloud vm use rclone mount to that seedbox.

with security concerns,
as for the seedbox, it is just a bunch of recent media files, do not really care what might happen to it.
what little media i want to keep long term, i download to home server.

as for the cloud vm, again, really no big deal. what is the worst that can happen?
tho i block all inbound traffic except for one port, tailscale
so no ssh over internet. ssh only over tailscale.
