Zum Inhalt springen
SicherheitFortgeschritten

Sicherheits-Checkliste für Heimserver

Eine praktische Checkliste zum Absichern deines Heimservers: SSH, Firewall, Updates, Backups und sicherer Fernzugriff.

von HomeServersGuide Team1 Min. Lesezeit

Security doesn't have to be complicated. Work through this checklist and you'll avoid the mistakes that get home servers compromised.

1. Lock down SSH

  • Disable password login and use SSH keys only.
  • Change the default port to reduce automated noise.
  • Consider fail2ban to block brute-force attempts.
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no

2. Keep everything updated

Unpatched software is the number-one risk. Enable automatic security updates and update your Docker images regularly.

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

3. Use a firewall

Allow only the ports you actually need. On Ubuntu, ufw makes this simple:

sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable

4. Don't port-forward carelessly

Exposing services directly to the internet is the most common way home servers get hacked. Prefer a VPN like WireGuard or Tailscale. If you must expose something, put it behind a reverse proxy with HTTPS and authentication.

5. Back up — and test restores

Security includes recovering from ransomware or mistakes. Follow the 3-2-1 rule: three copies, two media, one offsite. An untested backup is not a backup.

6. Principle of least privilege

  • Run containers as non-root where possible.
  • Give each service only the access it needs.
  • Store secrets in environment variables or a secrets manager, never in your repo.

Quick audit

  • SSH keys only, root login disabled
  • Automatic updates enabled
  • Firewall configured
  • No unnecessary ports forwarded
  • Backups running and tested
  • Reverse proxy with TLS for anything exposed

Tick these boxes and your home server will be safer than the vast majority out there.

Verwandte Artikel

NetzwerkeAnfänger

Pi-hole installieren

Blockiere Werbung und Tracker im ganzen Netzwerk, indem du Pi-hole Schritt für Schritt auf deinem Heimserver installierst.

1 Min. Lesezeit
NetzwerkeFortgeschritten

Netzwerk-Leitfaden für Heimserver

Reverse-Proxys, DNS, VLANs und sicherer Fernzugriff: gib deinen Diensten saubere, erreichbare Namen.

1 Min. Lesezeit
Erste SchritteAnfänger

Was ist ein Heimserver? Eine verständliche Einführung

Eine einsteigerfreundliche Erklärung, was ein Heimserver ist, was du damit machen kannst und wie du entscheidest, ob du einen bauen solltest.

2 Min. Lesezeit