[SOLVED] SSH hardening!

Discussion in 'Mail Gateway: Installation and configuration' started by atec666, Jul 16, 2019.

  1. atec666

    atec666 Member

    Joined:
    Mar 8, 2019
    Messages:
    49
    Likes Received:
    2
    With Proxmox Mail Gateway, is it possible to set up sshd_config without killing cluster features and stuff etc.?

    With those modifications:

    PermitRootLogin prohibit-password
    PubkeyAuthentication yes
    PasswordAuthentication no
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
     
    #1 atec666, Jul 16, 2019
    Last edited: Jul 16, 2019
  2. dcsapak

    dcsapak Proxmox Staff Member
    Staff Member

    Joined:
    Feb 1, 2016
    Messages:
    3,700
    Likes Received:
    338
    Yes, this should work, as long as passwordless SSH between the nodes works.
     
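An added example, not part of the original posts: a small audit of sshd_config text that checks the two things this exchange turns on, that password-style logins are off and that key-based root login is still accepted. It assumes the cluster nodes reach each other as root with keys, that unset keywords fall back to upstream OpenSSH defaults, and that Include files are not in play; the function names are illustrative.

```python
# Added example: audit sshd_config text for the settings discussed in the thread.
# Assumptions: upstream OpenSSH defaults for unset keywords; Include files not followed;
# cluster nodes authenticate to each other as root with keys.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "challengeresponseauthentication": "yes",
}
# Newer OpenSSH names the same switch KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def effective_global(text):
    """Return (global settings, has_match). sshd keeps the FIRST value per keyword."""
    values, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":          # everything after this is conditional
            has_match = True
            break
        if len(parts) == 2:
            values.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **values}, has_match

def audit(text):
    """Return a list of findings; an empty list means the goals of the thread are met."""
    cfg, has_match = effective_global(text)
    findings = []
    if cfg["pubkeyauthentication"] != "yes" or cfg["permitrootlogin"] in ("no", "forced-commands-only"):
        findings.append("cluster: root key login between nodes blocked or restricted")
    if cfg["passwordauthentication"] != "no":
        findings.append("password: PasswordAuthentication still enabled")
    if cfg["challengeresponseauthentication"] != "no":
        findings.append("password: keyboard-interactive still enabled")
    if cfg["permitemptypasswords"] != "no":
        findings.append("password: empty passwords permitted")
    if has_match:
        findings.append("review: Match blocks can override the global values")
    return findings

# The five lines from the first post.
THREAD_CONFIG = """PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    print(audit(THREAD_CONFIG) or "ok: key-only login, root key access kept")
```

On a live node, the output of `sshd -T` can be fed to `audit()` instead of the file, since it prints the effective values in the same keyword/value form.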
  3. oguz

    oguz Proxmox Staff Member
    Staff Member

    Joined:
    Nov 19, 2018
    Messages:
    643
    Likes Received:
    67
    You can also install fail2ban to stop brute-force attacks.
     
  4. atec666

    atec666 Member

    Joined:
    Mar 8, 2019
    Messages:
    49
    Likes Received:
    2
    Thank you for your answer.
    I tested it this night, it seems to work with those parameters.
     
  5. LnxBil

    LnxBil Well-Known Member

    Joined:
    Feb 21, 2015
    Messages:
    3,937
    Likes Received:
    365
    And additionally, only allow special IP addresses or ranges to connect to your service. Fail2ban is nice, but blocking 99,99% of the attack surface also works nicely.
     
  6. witerosbaa

    witerosbaa New Member

    Joined:
    Jun 3, 2019
    Messages:
    2
    Likes Received:
    0
    You should install a firewall to prevent brute force.
     
  7. atec666

    atec666 Member

    Joined:
    Mar 8, 2019
    Messages:
    49
    Likes Received:
    2
    PMG (cluster) is behind a firewall ...
     