@Pete-S said in Pure KVM server "hardening"?:
I'm thinking about running pure KVM on debian for virtualization hosts. Not Proxmox. There will be no GUI on the servers, no web interface, only ssh for management.
Do I need to do anything special to lock down the security?
I've never used KVM in production, only on my desktop and then I've had virt-manager as well as tools like virtsh. So I don't really know what is required for a pure KVM server to be as "secure" as proxmox, xcp-ng or whatever.
I'd consider this normal rather than special, but force only key-based authentication for SSH.