Skip to content

Security Best Practices

Essential security guidelines for protecting your Spheron account and GPU instances.

Account Security

Credentials Protection:
  • Use strong, unique passwords
  • Never share: passwords, API keys, SSH keys, payment info
  • Verify URLs before entering credentials (official: spheron.network)
Phishing Protection:
  • Beware of fake support messages and impersonation
  • Only use official channels (see General Info)
  • Verify domains before clicking links

SSH Keys

Required for instance access. Only upload public keys to Spheron.

Best Practices:
  • Generate: ED25519 or RSA 4096-bit
  • Protect: Use passphrases, never share private keys
  • Store: Secure location, not in repositories
  • Rotate: Every 90 days
  • Organize: Different keys for different services

See SSH Connection Guide for setup.

API Keys

For programmatic access (see API Reference).

Best Practices:
  • Store in environment variables, never hardcode
  • Rotate every 90 days
  • Revoke immediately if compromised
  • Use separate keys per environment
  • Never commit to version control
export SPHERON_API_KEY="your-api-key"  # Good

Monitoring & Alerts

Monitor regularly to detect unauthorized access:

  • Active instances and deployments
  • Billing and credit usage
  • API activity logs
Set up alerts:
  • Enable billing notifications in User Settings
  • Set spending limits
  • Track unusual activity

See Billing for monitoring details.

Instance Security

Network:
  • Close unnecessary ports
  • Use firewall rules
  • SSH keys only (disable password auth)
  • VPN/SSH tunneling for sensitive services
System:
  • Keep software updated
  • Apply security patches promptly
  • Monitor logs regularly
  • Backup important data before terminating
Startup Scripts:
  • Review scripts before deployment (they run with root)
  • Never hardcode credentials
  • Use secrets management for sensitive data
  • Test in development first

See Connecting to Instances for startup script examples.

Official Channels & Support

For a complete list of official Spheron channels and contact information, see General Information.

Security reminder: Always verify you're on the correct official domain before:

  • Entering login credentials
  • Connecting your wallet to any website
  • Sharing sensitive information
  • Clicking links in messages or emails

Bookmark official URLs and double-check domains to avoid phishing attempts.

Reporting Security Issues

If you suspect unauthorized access or find a vulnerability: Immediate Actions:
  1. Change account password
  2. Revoke compromised API/SSH keys
  3. Terminate suspicious instances
  4. Review billing for unauthorized usage
Report:
  • Contact through official channels (see General Info)
  • Provide: timestamps, affected resources, observed behavior
  • Help community: report phishing attempts

Security Checklist

Account:
  • Strong unique password
  • Regular activity reviews
Keys:
  • SSH public keys only uploaded
  • Passphrases on private keys
  • 90-day key rotation
  • API keys in environment variables
Instances:
  • Firewall configured
  • Software kept updated
  • Unnecessary ports closed
  • Terminate when not in use

Additional Resources

Powered by Spheron
© 2025 Spheron Network. All rights reserved.