Don’t enable root access for SSH
I came across some scripts to run on your ESX server after it has been installed. These script did some stuff like disabling firewall and enabling root logon from a remote system.
Although it looks like it makes your life easier now you can logon with root from a remote system I would urge you not to do these kind of things.
VMware ESX is the core of your virtual infrastructure. Like every core system you want it to be as secure as possible. You don’t give everybody access to your bank account so why do it to your infrastructure?
It’s better to create a seperate user you can use to connect to the system and then use sudo (execute command als super user). This way you don’t have to use the root account to logon and it’s easier to monitor which user is doing what. It also makes intrusion detection easier.
I also think you should use iptables to further enhance your security. Only allow access to your system from IP ranges that really need access to the server and deny all other ranges.
- Getting started with Photon OS by Anne Jan Elsinga
- Best Practices for Hardening the Veeam Backup… by Edwin Weijdema
- How to: Deploy vRealize Automation 8 by Erik Scholten
- Add Veeam to a Workgroup, Domain or Forest? by Edwin Weijdema
- Managing Puppet code with a source control repository by Dimitri De Swart