Website/WebHost Security

Continuing the discussion from Ideas and Suggestions:

I felt website security improvements warranted its own topic @Kingroy23.

I believe you have password authentication turned on in your ssh settings. This could be a security issue. I would recommend using public-key authentication rather than password authentication and turning off password authentication entirely.

I can’t confirm if you allow logging in via root either, but make sure that’s turned off as well. In addition, some people like changing their default ssh port to something other than 22.

Let me know if you need any help in this area!

Below is an example of what I’m seeing attempting to ssh into the forum vs what I see attempting to ssh into my wiki via password authentication:



I believe I’ve found another issue @Kingroy23 - this one related to https:

It appears an image is being served over plain http, specifically:

Which I believe was posted by @thekernelinyellow on this post:

Grand Experiments: West Marches

Take a look at the below video showing the issue. I had something similar happen when spinning up my wiki, I think it was related to adding an image before getting https set up properly. Perhaps simply deleting the post and reposting it will fix the problem?

1 Like

I think this is going to be worse to address, because I did not post the image, but it’s automatically retrieved by Discourse as the post preview.

@Kingroy23 we should check if there is some setting in Discourse to fix this problem.

1 Like

Have you tried deleting and reposting now that https is implemented fully?

I just linked to an http site and the images didn’t get pulled through, which is (I believe) functioning as intended:

Ok, I dug more into it: the certificate itself on Ars Ludi is not valid (the server is using an HTTPS certificate for a completely different domain), so there is no way to get a secure link for that post.

I’ll edit my post to break the link, but keep it readable, so we avoid the security problem.