SSH
Fiftydotov, 2021-08-27 13:40:31

How to protect ESXi from the world?

Hello everyone, I have a rather difficult question.

I rented a host at Hetzner, installed ESXi, and hid it behind DNS on CF; a trusted certificate arrived automatically, and everything is fine. But of course there is no certificate for the IP address, and after opening SSH for an hour and doing a couple of manipulations in it, I lost access to the server. I don't know, maybe I messed up somewhere with the certificates when I tried to slip them in, but I can no longer log in with the password that was set for root.
Well, most likely ESXi will have to be installed again.

I have already set up a whitelist at Hetzner for the CF server and for my office, as a backdoor for myself, and closed it to the rest of the world. Now the question is: how else can I protect it? An SSL certificate for SSH authorization comes to mind, but I still haven't found adequate instructions on which certificate to use and which one to insert for this. If there is a guide, I would be grateful.


1 answer(s)
Armenian Radio, 2021-08-27
@Fiftydotov

SSL has nothing to do with SSH; it has its own security based on RSA/DSA keys. There are tons of guides for configuring SSH login using an RSA key.
I personally don't see much point in restricting access by IP address if there are keys, but there is still a risk of being left out in the cold when the IP changes.
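
An added example, not part of the answer above: a shell check that an `sshd_config` really permits key-only login, which is the setup the answer points to. It catches the case where `PasswordAuthentication no` is set but password prompts still work through keyboard-interactive and PAM. The function names are hypothetical and the two sample configs are constructed.

```shell
# Added example: check that an sshd_config allows key-only login. sshd keeps the
# FIRST value read per keyword; Include files and Match blocks are not followed.

# effective FILE DEFAULT KEYWORD...: print the first value set for any keyword.
effective() {
    file=$1; default=$2; shift 2
    keys=$(printf '%s ' "$@" | tr '[:upper:]' '[:lower:]')
    awk -v keys="$keys" -v def="$default" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        (tolower($1) in want) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$file"
}

# audit_key_only FILE: return 0 if only public-key login is possible, else 1.
# ChallengeResponseAuthentication is the deprecated alias of the kbd keyword.
audit_key_only() {
    rc=0
    pubkey=$(effective "$1" yes PubkeyAuthentication)
    passwd=$(effective "$1" yes PasswordAuthentication)
    kbd=$(effective "$1" yes KbdInteractiveAuthentication ChallengeResponseAuthentication)
    [ "$pubkey" = yes ] || { echo "FAIL: PubkeyAuthentication is $pubkey"; rc=1; }
    [ "$passwd" = no ] || { echo "FAIL: PasswordAuthentication is $passwd"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL: keyboard-interactive (PAM password) is $kbd"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: key-only login"; fi
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
# ESXi keeps root's keys in /etc/ssh/keys-root/authorized_keys
AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
EOF
}

dir=$(mktemp -d); write_samples "$dir"
audit_key_only "$dir/weak.conf" || true
audit_key_only "$dir/hardened.conf"
rm -rf "$dir"
```

Run the audit against a copy of the host's config before closing the existing session, and confirm a key login in a second session first.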
