[SOLVED] ssh hardening !

atec666 · Jul 16, 2019

with proxmox mail gateway is it possible to setup sshd_config without kiling cluster features an stuff etc ?

with those modifications :

PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

dcsapak · Jul 16, 2019

yes this should work, as long as passwordless ssh between the nodes work

oguz · Jul 16, 2019

you can also install fail2ban to stop brute-force attacks

atec666 · Jul 16, 2019

oguz said:
you can also install fail2ban to stop brute-force attacks

Thank u for you answer.
i test it this night, it seems to work with those parameter.

LnxBil · Jul 16, 2019

oguz said:
you can also install fail2ban to stop brute-force attacks

and additionally only allow special IP addresses or ranges to connect to your service. Fail2ban is nice, but blocking 99,99% of the attack surface also works nice.

atec666 · Jul 18, 2019

witerosbaa said:
you should install firewall to preven bruce force

PMG (cluster) is behind a firewall ...

Search

Search

[SOLVED] ssh hardening !

atec666

Member

dcsapak

Proxmox Staff Member

oguz

Proxmox Retired Staff

atec666

Member

LnxBil

Distinguished Member

atec666

Member