Ask Mastodon: Should you be self-hosting critical servers like Bitwarden for 2FA and password management?
@EdwardTorvalds It depends on the setup, but the more critical information is self-hosted on the same server, the higher the risks. And the higher the value of hacking that attack surface.
@rmdes we can use containers to isolate services, right?
Besides, I was asking in terms of expertise - not everybody is a seasoned devops expert hired on a huge pay scale.
@EdwardTorvalds Correct, if you're in a Docker infrastructure, but make sure open registration is disabled or limited to your domain users.
@EdwardTorvalds I think both Yunohost and Cloudron have a package ready for the self-hosted Bitwarden app.
@rmdes wow, thanks for the recommendations!
@EdwardTorvalds Personally I'm using both for different use cases and serving apps for friends and family (and non-profit clients), so feel free to ask stuff if in need :)
@rmdes why both? How do they differ? Thanks
@EdwardTorvalds Yunohost is much closer to typical Linux server administration: most app packages are simply bash scripts to automate and configure a lot of stuff in the Yunohost context, but at the same time you can freely dive manually into any part of the server and tweak or fix things if you're comfortable with this. On top of that you could run Docker and install Docker images as usual (but I'm not familiar with Docker on Yunohost, to be honest).
@EdwardTorvalds With Yunohost, if you are comfortable with bash and Python you should be able to feel really comfortable in no time, and maybe there is less of a learning curve if you stay out of Docker. That's just my experience, and I'm not a developer or anything, just a power user perhaps, still learning while applying a self-hosting approach for all my digital needs.
@rmdes I know bash and Python, so I guess I will be more comfortable with Yunohost. Plus I am looking for a pure free-software approach. Thanks for your answers.
@EdwardTorvalds It's a great choice, plus an amazing community! And the list of available apps is just breathtaking :)
@EdwardTorvalds Cloudron, on the other hand, is purely Docker-based; let's say it's a huge technical abstraction layer to immensely facilitate Linux server administration, even for non-Linux sysadmins. Cloudron's front-end isn't open-source, so that's a big difference if you are strict on your open-source approach. But the value Cloudron brings to the table goes beyond anything I have seen, giving you the capacity to manage hundreds of apps/domains/certs/emails very easily.
@EdwardTorvalds With Cloudron, app packages need some work, even starting from an existing Docker image: you have to adapt to a read-only file system, symlink where apps need to write for the Cloudron context, for example, and get used to the Cloudron addon system. Nothing impossible, but there is a learning curve.
I'm not sure exactly why you need a server for 2FA -- shouldn't any OTP-generating app suffice (offline second factor), or do you move your SIM card quite often?
As for password managing... KeePassXC puts everything in a single encrypted file (you can sync it however you like).
@everlastingrocks I am using a password manager like Bitwarden because I want it to be available on many devices, and I also use TOTP 2FA, which Bitwarden supports, because there are network issues in my place and app-based TOTP is a bit faster than getting an OTP by SMS.
I am not sure if KeePassXC can be synced.