Don’t enable root access for SSH
I came across some scripts to run on your ESX server after it has been installed. These scripts did things like disabling the firewall and enabling root logon from a remote system.
Although being able to log on as root from a remote system looks like it makes your life easier, I would urge you not to do these kinds of things.
VMware ESX is the core of your virtual infrastructure. Like every core system you want it to be as secure as possible. You don’t give everybody access to your bank account so why do it to your infrastructure?
It’s better to create a separate user you can use to connect to the system and then use sudo (execute command as super user). This way you don’t have to use the root account to log on and it’s easier to monitor which user is doing what. It also makes intrusion detection easier.
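To check whether one of those scripts has already switched root logon back on, the following added example (not from the original post or from VMware) reads an sshd_config and reports the global PermitRootLogin value that sshd will actually use. The function names and the sample config are constructed for illustration; it assumes standard OpenSSH semantics, where the first value read for a keyword wins.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin in an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PermitRootLogin no" below an earlier "yes" changes nothing.

effective_root_login() {
    # $1 = path to an sshd_config file (typically /etc/ssh/sshd_config)
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { gsub(/=/, " "); kw = tolower($1) }    # accept "key value" and "key=value"
        kw == "match" { exit }                  # later settings are conditional
        kw == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_root_login() {
    val=$(effective_root_login "$1")
    case "$val" in
        no)
            echo "OK: root logon over SSH is disabled"
            return 0 ;;
        unset)
            echo "WARN: PermitRootLogin not set; the default depends on the OpenSSH version"
            return 1 ;;
        *)
            echo "FAIL: PermitRootLogin is '$val'"
            return 1 ;;
    esac
}

# Constructed sample config: the commented line is ignored, the first active
# line says "yes", and the "no" appended afterwards never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
audit_root_login "$sample" || true
rm -f "$sample"
```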
I also think you should use iptables to further enhance your security. Only allow access to your system from IP ranges that really need access to the server and deny all other ranges.