ESXi 6.0 introduces root account lockout. There're bunch of bots out there trying to brute-force attack your ssh/ESXi root password, making your root account easily vulnerable to be locked out. A good security practice to amend the issue is to enable SSH server on ESXi with KEY-BASED authentication ('PasswordAuthentication no' in /etc/ssh/sshd_config) then to enable ESXi firewall and restrict the ESXi vSpehere client to your static IP addresses as mentioned here:
esxcli network firewall set --enabled true
esxcli network firewall ruleset set -a=false -r=vSphereClient
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=vSphereClient
You need to limit your SSH port as well:
esxcli network firewall set --enabled false
esxcli network firewall ruleset set -a=false -r=sshServer
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=sshServer
esxcli network firewall set --enabled true
Subscribe to:
Post Comments (Atom)
How to export Apple Health / Google Fit training activity to TCX format
I own a Xiaomi Smart Band 7, and recently, my Mi Fitness app stopped syncing running activities to Strava. Mi Fitness supports syncing dat...
-
This post shows how to configure a mail proxy server to connect clients in an intranet to an external mail server. I will use SSL offloading... -
I use this tutorial to setup RemoSIM.com product for customers. To do: - Add instructions for enabling fail2ban for asterisk - Fix the fre...
-
An updated version of this post is available here . I use this tutorial to setup RemoSIM.com product for customers. RasPBX – Asterisk for ...
No comments:
Post a Comment