When I used Contabo I had to harden this aspect immediately. Stopped root logins and passwords and made a separate user with a key. It's a really bad default setup from a security point of view.
I had issues with performance as well. I could never explain why I couldn't utilise the bandwidth fully; it would only work in very short bursts and very quickly was throttling the connection. The problem is the workload I had: I needed that peak bandwidth once every 2 weeks for a day and then it would mostly be idle, and all of the usage was outside of peak, but still the bandwidth got throttled consistently and I moved to netcup.
ddxv 3 days ago [-]
Yeah, I saw they have the typical note that they reserve the right to throttle any CPU/traffic as needed. But I guess if they don't have sophisticated rules for throttling they have both edge cases like yours where they are overly strict and still other loopholes that can be abused.
hobobaggins 3 days ago [-]
Too bad Userify is too expensive for a lot of VPS-style projects (free for less than five instances, but we blow through that pretty fast most of the time)
sam_lowry_ 3 days ago [-]
Fear of passwords is some kind of cargo cult nowadays.
Irrational and exploited by vested interests.
ddxv 3 days ago [-]
Hmm, I don't know if I agree, but I'm open to hearing more. The public/private keys (which means you can copy paste them in chats/emails) are pretty useful.
Also, what do you mean by 'exploited by vested interests'? You think keys are pushed by some organization exploiting them?
TheNewsIsHere 3 days ago [-]
I wonder if they’re conflating the push for FIDO2 credentials as Passkeys with the general problems of using passwords.
Passwords are perfectly fine in theory. It’s when you put humans in the loop that they become a headache.
ASalazarMX 2 days ago [-]
> The public/private keys (which means you can copy paste them in chats/emails)
God please don't do that to private keys, you might as well just copy a password and save some work.
ddxv 2 days ago [-]
No, of course not. The reference to pasting a public key into an email is in reference to Contabo asking that we copy paste our IP/username/password over email for them to 'troubleshoot'. If the server had been set up with public keys and they really needed our help to access, at least they could have just sent their own public key safely over email.
ddxv 3 days ago [-]
My recent thoughts when trying Contabo for the first time.