How are Hatchbox servers hardened for security?

There are several things we do to make sure your servers have good security defaults:

  • We disable password authentication for SSH. You can only login with SSH keys.

  • UFW (uncomplicated firewall) is installed and configured only to allow the following ports publicly

    • 22 (SSH) on all servers

    • 80 (HTTP), and 443 (HTTPS) on web servers

  • In a multi-server cluster, Hatchbox also configures UFW to firewall the internal datacenter network. Traffic is only allowed between your servers.

  • Security updates are automatically installed.

Can I use fail2ban?

Of course! We recommend adding it if you feel comfortable using it.