RustDesk Server controls signaling (hbbs) and relay (hbbr) for remote desktop sessions. Hardening should focus on key enforcement, port minimization, and strict relay exposure.
¶ 1) Enforce server key trust and encrypted sessions
- Configure clients with server public key from
id_ed25519.pub.
- Enforce key requirement with
-k _ for hbbs/hbbr to reject keyless connections.
- Rotate keypair intentionally when compromise is suspected.
- Keep key material with strict file permissions.
¶ 2) Minimize exposed ports and relay surface
- Open only required RustDesk ports for your use case.
- Close web client websocket ports if not used.
- Restrict relay access with firewall rules and source constraints.
- Keep hbbs/hbbr on dedicated host or isolated network segment.
¶ 3) Secure operations and monitoring
- Run services as dedicated non-root users.
- Enforce HTTPS reverse proxy for web components.
- Rotate admin credentials and access tokens.
- Monitor connection/relay logs for abnormal session patterns.
- RustDesk self-host docs: https://rustdesk.com/docs/en/self-host/
- RustDesk installation and key enforcement: https://rustdesk.com/docs/en/self-host/install/index.html
- RustDesk server source repository: https://github.com/rustdesk/rustdesk-server
Any questions?
Feel free to contact us. Find all contact information on our contact page.