Solved

how to change the ssh control for CVM

C
Badge +6

Hi

 

I have a question in the Nutanix enviroment.

I need to change control for the ssh to CVM so that just some IPs can access to avoid some intrusion access.

I checked the <Nutanix security Guide> and there are some descriptopm in TCP Wrapper Integration, But after I changed the file of /etc/hosts.allow to include just the allowed IPs and CVM management subnet. But It will be changed to default after the cluster security config schedule(by default daily.)

 

Is it possible to change the sshd allow list to achieved this goal? there are security requreiments for the enviroment.

 

thanks.

icon

Best answer by Sergei Ivanov 7 April 2021, 16:16

According to the Security Guide you will need to modify the following file:

/srv/salt/security/CVM/network/hosts.allow

If you modify only the /etc/hosts.allow, the Salt will overwrite it with the next run.

 

View original

3 replies

Sergei Ivanov
Rank
Userlevel 3
Badge +4

According to the Security Guide you will need to modify the following file:

/srv/salt/security/CVM/network/hosts.allow

If you modify only the /etc/hosts.allow, the Salt will overwrite it with the next run.

 

Sr. SRE | Nutanix Worldwide Support | NSS #464, NCAP, VCP6.5-DCV, RHCSA, EMCSA, AWS and Google Cloud certified
C
Badge +6

Hi Segei

 

Thanks for your information, I also noted the file of /srv/salt/security/CVM/Network/hosts.allow description. So l will change the file and check whether it can be worked and update the result.

 

Thanks Sergei.

C
Badge +6

@Sergei Ivanov 

 

It is worked after tested in the enviroment. Thanks for your solution.

Reply