Don’t enable root access for SSH
I came across some scripts to run on your ESX server after it has been installed. These scripts did some stuff like disabling the firewall and enabling root logon from a remote system.
Although it looks like it makes your life easier now that you can log on as root from a remote system, I would urge you not to do these kinds of things.
VMware ESX is the core of your virtual infrastructure. Like every core system you want it to be as secure as possible. You don’t give everybody access to your bank account so why do it to your infrastructure?
It’s better to create a separate user you can use to connect to the system and then use sudo (execute command as super user). This way you don’t have to use the root account to log on and it’s easier to monitor which user is doing what. It also makes intrusion detection easier.
I also think you should use iptables to further enhance your security. Only allow access to your system from IP ranges that really need access to the server and deny all other ranges.
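One way to check both recommendations above, as an added example that is not from the original post: the script reads an sshd_config file for its global PermitRootLogin value and prints iptables rules that accept SSH only from listed ranges. The sample config, the IP ranges, the function names and the use of TCP port 22 are assumptions made for illustration, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example (not from the original post). The sample config, the IP
# ranges and the function names are constructed for illustration.

# Print the global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and settings after a Match line are conditional.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        { sub(/=/, " ") }                        # accept "Keyword=value"
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root logon over SSH is explicitly disabled.
audit_root_login() {
    value=$(permit_root_login "$1")
    case "$value" in
        no)    echo "OK: root logon over SSH is disabled"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, sshd default applies"; return 1 ;;
        *)     echo "FAIL: PermitRootLogin is '$value', expected 'no'"; return 1 ;;
    esac
}

# Print iptables rules that accept SSH (assumed on TCP port 22) only from
# the given ranges and drop every other source. Nothing is applied.
ssh_allowlist_rules() {
    for range in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $range --dport 22 -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp --dport 22 -j DROP"
}

# Constructed sample: a config after a "convenience" script changed it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
audit_root_login "$sample" || true
ssh_allowlist_rules 10.0.10.0/24 192.168.5.0/24
rm -f "$sample"
```

The sample fails the audit because the lowercase `permitrootlogin yes` line is read first, so the later `PermitRootLogin no` has no effect.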
Anne Jan Elsinga
Anne Jan Elsinga is a Technical Account Manager for VMware. In the past he worked as presales and technical consultancy and architecture for several systems integrators. From 2009 until 2017 he was awarded with the VMware vExpert status. In the night time he dances latin, ballroom and salsa and he also discovered the pleasure of diving and woodworking. Recently he started blogging about smart homes and comfort in general.