ESXi 6.0 introduces root account lockout. There are plenty of bots out there trying to brute-force your SSH/ESXi root password, so your root account can easily end up locked out. A good security practice to address the issue is to enable the SSH server on ESXi with key-based authentication ('PasswordAuthentication no' in /etc/ssh/sshd_config), then enable the ESXi firewall and restrict the ESXi vSphere Client to your static IP addresses, as mentioned here:
esxcli network firewall set --enabled true
esxcli network firewall ruleset set -a=false -r=vSphereClient
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=vSphereClient
You need to restrict access to your SSH port as well:
esxcli network firewall set --enabled false
esxcli network firewall ruleset set -a=false -r=sshServer
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=sshServer
esxcli network firewall set --enabled true
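To confirm that both changes took effect, the following audit helpers are an added example, not part of the original post. They assume the output of `esxcli network firewall ruleset allowedip list` has been saved to a file and shows the ruleset name in the first column followed by either "All" or the allowed addresses; the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the two hardening steps in this post.

# Print the effective global PasswordAuthentication value in sshd_config $1.
# sshd honours the first occurrence of a keyword, keywords are case-insensitive,
# and the OpenSSH default when the keyword is absent is "yes".
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/=/, " ") }                       # "Keyword=value" form is also legal
        tolower($1) == "match" { exit }         # only audit the global section
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed only if ruleset $2 appears in the saved listing $1 with specific
# addresses rather than "All" (assumed layout: ruleset name, then addresses).
ruleset_is_restricted() {
    awk -v name="$2" '
        $1 == name { seen = 1; if ($2 == "All") open = 1 }
        END { exit !(seen && !open) }
    ' "$1"
}

# Constructed sample inputs (not taken from a real host), written to directory $1.
write_samples() {
    printf '%s\n' '# constructed sshd_config' 'Port 22' \
        'passwordauthentication no' 'PasswordAuthentication yes' > "$1/sshd_config"
    printf '%s\n' 'Ruleset        Allowed IP Addresses' \
        '-------------  --------------------' \
        'sshServer      203.0.113.10' \
        'vSphereClient  All' > "$1/allowedip.txt"
}

# Report every failed check; return non-zero if any failed.
audit() {   # $1 = sshd_config, $2 = saved allowedip listing
    rc=0
    [ "$(effective_password_auth "$1")" = no ] || { echo "FAIL: password logins allowed"; rc=1; }
    for r in sshServer vSphereClient; do
        ruleset_is_restricted "$2" "$r" || { echo "FAIL: $r not restricted to specific IPs"; rc=1; }
    done
    return "$rc"
}
```

On the host, save the listing first (`esxcli network firewall ruleset allowedip list > /tmp/allowedip.txt`), then run `audit /etc/ssh/sshd_config /tmp/allowedip.txt`.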