Is it fine to save contact information on a ssh sever and is it secure?



  • My mom wants to find a way to store information securely and host it remotely and wants to host our own mini-server on a Raspberry Pi that'll have contact information of the customers.

    My sister said to save it in the database of the site but I said if the site gets hacked then it'll expose all that personal information of the users. Should it be hosted locally and sshed into?



  • Both are secure. It all depends on how you configure them.

    But SSH is generally used for setting up secure tunnel between computers for issuing commands and websites are generally used to serve information. In your case as far as I know you want to serve information. So, website with access is better option.

    In SSH you need to harden the configuration like changing the default port, disabling the vulnerable ciphers, limit user access for e.g., do not allow root/sudo user to access via ssh. Only allow login through key Exchange, limit user access as per requirements like chroot and limit commands while accessing the shell.

    For web servers also you will need to have secure configuration. But if you keep your website minimal it is easy to secure web server than SSH (IMHO) specifically for external access. The extra overhead is certificates requires for HTTPS and securing the keys.

    Also, with HTTPS you cannot issue system commands directly.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2