Networking and 1U Colocation
-
@eddiejennings said in Networking and 1U Colocation:
@stacksofplates said in Networking and 1U Colocation:
If you're not having other people connect to it and it's just for testing, I'd just leave the connection go to the host (SSH and Cockpit) and then join all of your VMs to ZeroTier.
Would you expose your hypervisor to the Internet with no firewall in between?
I forget what hypervisor you're doing and don't feel like scrolling up, so I'm assuming KVM.
But I see no reason to really treat the hypervisor much different than a VPS that basically directly exposed to the public too.
For your hypervisor, you can do what I do for my VPS and ONLY allowSSH, only key-based access, and no root login via ssh. Also make sure you got logwatch and fail2ban going.
-
Another good idea is to use something to keep your hypervisor in a specified state, such as SaltStack. That's what I use on my VPS, so I always know a bunch of specific things are ALWAYS in check.
-
@tim_g said in Networking and 1U Colocation:
fail2ban
Fail2ban does nothing with key based access. It's denied before fail2ban even sees it.
