For our Managed Backup service to function, Tilaa requires specific access to your server. We use a secure, automated system based on SSH keys to perform these backups.
How it works
During the initial setup, we log in once with the root password to install our RSA public key. Once this key is placed, our system uses key-based authentication for all future backups. This key is restricted to only execute rsync commands.
Our key is stored in
/root/.ssh/authorized_keys.Never remove this key or delete this file. Doing so will immediately break the backup connection, leaving your server without new backups.
Hardening your SSH Configuration
Once the backup service is active, we strongly recommend disabling password authentication for the root user. This prevents brute-force attacks while still allowing our backup system (and you) to log in using SSH keys.
Recommended Configuration
1. Open the SSH configuration file:
sudo vim /etc/ssh/sshd_config2. Find the line PermitRootLogin and change it to:
PermitRootLogin prohibit-password
(Note: On older Linux distributions, use without-password instead of prohibit-password).
3. Save the file and restart the SSH service:
# For Debian/Ubuntu
sudo systemctl restart ssh
# For CentOS/RHEL
sudo systemctl restart sshdBefore restarting the SSH service, ensure you have verified your own SSH key access to the server. If you disable password logins without having your own key set up, you will lock yourself out (and will need to use the Video Display console to fix it).