ESXi 6.0 introduces root account lockout. There're bunch of bots out there trying to brute-force attack your ssh/ESXi root password, making your root account easily vulnerable to be locked out. A good security practice to amend the issue is to enable SSH server on ESXi with KEY-BASED authentication ('PasswordAuthentication no' in /etc/ssh/sshd_config) then to enable ESXi firewall and restrict the ESXi vSpehere client to your static IP addresses as mentioned here:
esxcli network firewall set --enabled true
esxcli network firewall ruleset set -a=false -r=vSphereClient
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=vSphereClient
You need to limit your SSH port as well:
esxcli network firewall set --enabled false
esxcli network firewall ruleset set -a=false -r=sshServer
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=sshServer
esxcli network firewall set --enabled true
Subscribe to:
Post Comments (Atom)
How to set up Kodi with YouTube addon on Raspberry OS Debian 12
In this post, we review how to run Kodi with Kodi Youtube Addon on Raspberry Pi 5. There are two versions of Kodi available on Raspberry P...
-
This post shows how to configure a mail proxy server to connect clients in an intranet to an external mail server. I will use SSL offloading... -
I use this tutorial to setup RemoSIM.com product for customers. To do: - Add instructions for enabling fail2ban for asterisk - Fix the fre...
-
An updated version of this post is available here . I use this tutorial to setup RemoSIM.com product for customers. RasPBX – Asterisk for ...
No comments:
Post a Comment