Nov 11 2008

Don’t enable root access for SSH

I came across some scripts to run on your ESX server after it has been installed. These scripts did things like disabling the firewall and enabling root logon from a remote system.

Although being able to log on as root from a remote system looks like it makes your life easier, I would urge you not to do this kind of thing.

VMware ESX is the core of your virtual infrastructure. As with every core system, you want it to be as secure as possible. You don’t give everybody access to your bank account, so why do it with your infrastructure?

It’s better to create a separate user you can use to connect to the system and then use sudo (execute commands as superuser). This way you don’t have to use the root account to log on, and it’s easier to monitor which user is doing what. It also makes intrusion detection easier.

I also think you should use iptables to further enhance your security. Only allow access to your system from IP ranges that really need access to the server and deny all other ranges.
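Both recommendations can be checked mechanically. The script below is an added example, not part of the original post: it reads an sshd_config for the effective `PermitRootLogin` value (the OpenSSH directive behind remote root logon) and an `iptables-save` dump for an SSH rule with no source restriction. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config and an iptables-save dump for the two
# weaknesses the post warns about. All sample data is constructed.

# Print the effective global PermitRootLogin value. sshd keeps the first value
# it reads for a keyword and keywords are case-insensitive; Match blocks are
# conditional, so scanning stops there. Prints "unset" if no global line exists.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { if (v == "") v = "unset"; print v }
    ' "$1"
}

# Exit 0 if the dump has an INPUT rule accepting TCP port 22 with no source
# match (-s/--source), i.e. SSH reachable from any address. Narrow on purpose:
# it does not evaluate rule order, multiport rules or the chain policy.
ssh_open_to_any() {
    awk '
        /^-A INPUT / && /--dport 22( |$)/ && /-j ACCEPT/ && !/ (-s|--source) / { open = 1 }
        END { exit !open }
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sshd_config: the later "no" is ignored because "yes" comes first.
cat > "$tmp/sshd_config" <<'EOF'
# PermitRootLogin no
Protocol 2
permitrootlogin yes
PermitRootLogin no
EOF

# Constructed iptables-save output; 192.0.2.0/24 is a documentation range.
cat > "$tmp/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF

echo "PermitRootLogin (effective): $(effective_root_login "$tmp/sshd_config")"
if ssh_open_to_any "$tmp/rules"; then echo "SSH: open to any source"
else echo "SSH: restricted by source address"; fi
```

The constructed config shows why a trailing `PermitRootLogin no` is not enough when an earlier line already enables root logon.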

Written by Anne Jan Elsinga in: VMware

In real life MeAgain is Anne Jan Elsinga. He's a Technical Consultant for Centric Managed ICT Services in the Netherlands. He spends his working hours with a lot of virtualization stuff, from feasibility to implementation for server virtualization/consolidation and desktop virtualization. In the night time he dances latin, ballroom and salsa and he recently discovered the pleasure of diving.