VMware Cloud Community
JOeNg201110141
Contributor

Security hardening issue for DCUI account & session termination for SSH

Hi All,

Regarding the security hardening issue for ESXi 4.1 Update 1, we still have a few problems with it.

For the default account "DCUI", what is the default password, and is it OK to change it? After it is changed, will there be any side effects for the system?

If I change the permission to "no access" or "read-only", is it OK?

Another question is about terminating the SSH session after n login attempts: is there a configuration file for this setting?

Since I can't find many documents related to the security hardening issue, I am posting quite a lot of questions here.
Thanks so much for your help.

3 Replies
AndreTheGiant
Immortal

There isn't a default password... During a fresh install you can have a blank password.

You can change it without issue.

About permissions: you need them for at least one user... If you have vCenter, keep the permissions for vpxa and you can change the permissions for root.

But I suggest first creating another user with a strong password and keeping the permissions on it.

About SSH: you can simply disable it and use PowerCLI or RCLI.

PS: if you have vCenter Server, you can also consider using lockdown mode.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
JOeNg201110141
Contributor

Hi Andre,

In this environment, vCenter is not installed. Therefore lockdown mode cannot be used.

For SSH, we need to keep the service on. And I ran into a strange thing with this.
When I log in by SSH with the root account, the session is terminated after 10 login retries.

When I create another user account and log in by SSH with it, the session is terminated after 5 login retries.

Do you know what the difference is? Does any configuration file control it?

Thanks.

JOeNg201110141
Contributor

I think I found the problem with SSH.

Since I need to create another user account for remote SSH login, I changed the shell in the /etc/passwd file from /sbin/nologin to /bin/ash.

For the user account using the "/sbin/nologin" shell, login can be retried 10 times.

For the user account using the "/bin/ash" shell, login can be retried 5 times.

Does any configuration file control this?

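An added example, not code from this thread or from VMware, for the two things the thread keeps circling: how many password attempts a single SSH connection gets before sshd drops it, and which /etc/passwd accounts actually have an interactive shell. It assumes an OpenSSH-style sshd_config, where the MaxAuthTries directive is the per-connection limit (sshd uses 6 when it is unset, and the first occurrence of a keyword wins). Whether the sshd shipped with ESXi 4.1 honours MaxAuthTries in exactly this way, and where its config file lives, is an assumption to verify on the host; the sample files below are constructed, and the "opsadmin" account is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or VMware): audit the per-connection SSH
# password-attempt limit and the accounts that have an interactive shell.
# Assumptions: OpenSSH-style sshd_config; MaxAuthTries defaults to 6 when unset;
# the first occurrence of a keyword wins; a shell ending in nologin or false
# means "no interactive login". All sample input below is constructed.
set -u

# Print the MaxAuthTries value sshd will use for the global section of FILE.
effective_max_auth_tries() {
    awk '
        $1 ~ /^#/ || NF == 0          { next }   # skip comments and blank lines
        tolower($1) == "match"        { exit }   # global section ends at first Match
        tolower($1) == "maxauthtries" { print $2; found = 1; exit }
        END                           { if (!found) print 6 }   # OpenSSH default
    ' "$1"
}

# List accounts in passwd FILE whose login shell is interactive, one per line.
interactive_accounts() {
    awk -F: 'NF >= 7 && $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# Print the login shell of USER from passwd FILE (empty if USER is absent).
login_shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# --- constructed sample input so the script runs offline --------------------
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# constructed sshd_config, not copied from an ESXi host
Protocol 2
PermitRootLogin yes
MaxAuthTries 5
PasswordAuthentication yes
EOF

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Administrator:/:/bin/ash
dcui:x:100:100:DCUI User:/:/sbin/nologin
opsadmin:x:1000:1000:hypothetical SSH admin account:/:/bin/ash
nobody:x:99:99:Nobody:/:/sbin/nologin
EOF

echo "MaxAuthTries in effect: $(effective_max_auth_tries "$SAMPLE_DIR/sshd_config")"
echo "Accounts with an interactive shell:"
interactive_accounts "$SAMPLE_DIR/passwd" | sed 's/^/  /'
```

On a real host, point the two functions at the host's own sshd_config and /etc/passwd instead of the constructed files. A per-connection limit like MaxAuthTries only bounds attempts within one TCP session; a client that reconnects starts the count again, so it is not an account lockout, and any lockout the host applies after N failures is a separate mechanism to look for in the host's PAM configuration.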