> ## Documentation Index
> Fetch the complete documentation index at: https://docs.machine0.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

## Access

* SSH-only. Password authentication disabled.
* Root login disabled. Access via `ubuntu` (or `nix` on NixOS) with sudo.
* Cloud-init randomizes the root password on every VM.

## Keys

**Public keys** -- your private key never leaves your machine.

**Managed keys** -- server-generated keypair. Private key returned once at creation, saved locally with `0600` permissions.

## Network

* Every VM gets a dedicated public IP.
* VMs are isolated from each other at the network level.
* HTTPS endpoints at `<vm>.mac0.io` are authenticated to the VM owner.
* `ufw` enabled by default with ports 22, 80, 443 open.