MeshCentral is often used for remote support and endpoint management, so configuration quality directly affects security risk.
¶ Main configuration file
Primary file: meshcentral-data/config.json
Example baseline:
{
  "settings": {
    "cert": "mesh.example.com",
    "port": 443,
    "redirPort": 80
  },
  "domains": {
    "": {
      "title": "MeshCentral",
      "newAccounts": false,
      "minify": true
    }
  }
}
- Disable open self-registration (newAccounts: false) unless needed.
- Enforce 2FA for administrator accounts.
- Restrict remote-control rights by group/role.
- Keep agent auto-update policy controlled and tested.
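An added example, not part of the original page or the MeshCentral project: a Node.js check that flags any domain in config.json where self-registration is not explicitly disabled, plus a missing settings.cert. It assumes MeshCentral ignores keys prefixed with `_` and that an unset newAccounts leaves registration open; `auditConfig` and `getActive` are hypothetical names.

```javascript
// Added example: audit a MeshCentral config.json against the baseline above.
// Assumptions (not stated on this page): keys prefixed with "_" are ignored
// by the server, and a missing newAccounts leaves self-registration open.

// Look up a key case-insensitively, skipping "_"-prefixed (disabled) keys.
function getActive(obj, name) {
  for (const [key, value] of Object.entries(obj || {})) {
    if (!key.startsWith('_') && key.toLowerCase() === name.toLowerCase()) return value;
  }
  return undefined;
}

function auditConfig(configText) {
  const findings = [];
  let config;
  try {
    config = JSON.parse(configText);
  } catch (err) {
    return ['config.json is not valid JSON: ' + err.message];
  }
  const settings = getActive(config, 'settings') || {};
  if (!getActive(settings, 'cert')) findings.push('settings.cert is not set');
  const domains = getActive(config, 'domains') || {};
  if (Object.keys(domains).length === 0) findings.push('no active domains section; newAccounts is unset');
  for (const [id, domain] of Object.entries(domains)) {
    if (id.startsWith('_')) continue; // disabled domain entry, not loaded
    const label = id === '' ? '(default)' : id;
    const value = getActive(domain, 'newAccounts');
    // Only an explicit false counts, as in the baseline on this page.
    if (value !== false) {
      findings.push(`domain ${label}: self-registration not disabled (newAccounts=${JSON.stringify(value)})`);
    }
  }
  return findings;
}

// Constructed sample: the default domain is locked down, while "lab" has the
// key switched off with a "_" prefix, so the setting never takes effect.
const sample = JSON.stringify({
  settings: { cert: 'mesh.example.com', port: 443, redirPort: 80 },
  domains: {
    '': { title: 'MeshCentral', newAccounts: false },
    lab: { title: 'Lab', _newAccounts: false }
  }
});
console.log(auditConfig(sample));
```

Run it against a copy of meshcentral-data/config.json by passing the file contents to `auditConfig`; an empty array means every active domain sets newAccounts to false.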
¶ Endpoint and relay policy
- Separate production and lab devices into different groups/domains.
- Log remote sessions and access events.
- Define approval flow for privileged remote sessions.
- Keep relay and websocket endpoints behind TLS.
¶ Backup and recovery
Back up:
- meshcentral-data directory (config, DB/files)
- TLS certificates and reverse proxy config
Recovery test:
- Restore data to test node.
- Reconnect one enrolled agent.
- Validate remote terminal/desktop functionality.
- Agent check-in rate monitored.
- Failed login and privilege escalation attempts alerted.
- TLS renewal monitored.
- Emergency account recovery documented.