I recently needed a new server instance for some testing. Normally I would go back to AWS, as I've had problems with Rackspace in the past. Being open minded and assuming things have changed in the last couple years I thought I'd go back and try out Rackspace cloud for my testing (for reasons I will not name here).
My first and most shocking revelation is that they have NOT fixed a key security problem. I'm going to outline it right now and hopefully somebody can fix it.
Problem One: Log in as Root via SSH
Guys ... guys ... guys (or gals) ... It is baffling to me that you still allow this. Yes I get that you have a wonderful "Blacklist my server ip when something goes wrong" and "then disable access to my console to fix" routine going on to protect your network if MY machine gets compromised due to your silly lackadaisical security. Wait, that's actually a negative thing too. :) Please stop, I'm not going to use you as a provider until you fix this. In the interest of fairness I'll say, you DO generate a nice, secure, random looking password ... but that isn't really good enough in my book. At a minimum, generate a random password for a random (or hell, even let me name a user) userid, disable remote root access, and I MIGHT consider using your service, except for the next problem.
Problem Two: No Firewall Protecting the Machine by Default
So let's ignore the root access problem ... well, OK, we won't ... Now we have an aggravating problem ... BEFORE I even have an opportunity to do ANY hardening of the server, it's spun up and connected to the internet listening on SSH. While I get that in your book this probably isn't the end of the world, I'm quite "not thrilled" by this. I suppose this problem is mitigated by the fact that I need to install all my services manually, but I'm still not happy. Why wouldn't I get access to firewall rules (like I do in AWS) to limit the attack profile on my server (for example, to only allow SSH from my network)?
Rackspace, come on guys, I just can't believe you're still doing this, it's been a couple years now, you should've learned by now! I can't imagine this is an expensive proposition; hell, the first problem was already fixed by the Ubuntu team by default, you actually had to do work to defeat their efforts.
If your philosophical stance is that "This is an acceptable risk for my customers" well then, good luck to you, glad you made that decision for me, I'll be moving on to other providers that care about my business.