
I am about to set up a server cluster for our company's web applications.

At the beginning there will be 3 hardware servers in Proxmox HA setup in a remote datacenter running about 20-30 VMs all running Linux.

Both the HW and VM servers will be interconnected using a local LAN since they need to exchange data. The idea is that only one VM is accessible from the Internet and that it will be running HAproxy to distribute the requests to the relevant nodes across the LAN.

What's a good way to manage access to the VMs? As said, the whole cluster is in a remote data center. I'm unsure how to...

  • provide SSH access for our developers at network level
  • secure those SSH accesses

Setting and remembering 20-30 strong passwords seems like overkill, so what comes to my mind is to block the SSH ports to the public Internet, provide access to the remote LAN via VPN and use weak or identical passwords for the VMs.

Anyway, what is a good practice in such scenarios?

Note: Moved here from Stackoverflow.

1 Answer


Using weak or identical passwords, even on an internal system, should make any system administrator shiver and should never be done. Providing VPN access or a jump host would be the way to go. Then by using public key authentication you can allow specific hosts to connect to all machines without even needing to provide the password, and it will be easy to revoke access by just deleting the key on the server.

  • Interesting. How do you deploy the public keys? With tools like Puppet, Chef? Commented Jun 21, 2015 at 10:07
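The revocation step the answer describes ("deleting the key on the server"), as an added example that is not part of the original answer or comment. The function names `key_blob` and `revoke_key` are hypothetical, and the key blobs in the sample are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: revoke one SSH public key from an authorized_keys file.
# Entries are matched on the base64 key blob, so an options prefix
# (from="...") or a different trailing comment does not hide the key.

# key_blob LINE: print the base64 blob that follows the key-type token.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $(i + 1); exit }
    }'
}

# revoke_key FILE PUBKEY_LINE: rewrite FILE without that key and
# print how many entries were removed.
revoke_key() {
    file=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key blob in input" >&2; return 2; }
    tmp=$(mktemp "$file.XXXXXX") || return 1      # created with mode 0600
    before=$(wc -l < "$file")
    awk -v blob="$blob" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }  # keep comments and blanks
        { for (i = 1; i <= NF; i++) if ($i == blob) next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    after=$(wc -l < "$tmp")
    mv "$tmp" "$file" || return 1                 # replace in one rename
    echo $((before - after))
}

# Constructed sample: the key blobs below are placeholders, not real keys.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# dev team keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAliceCONSTRUCTED alice@laptop
from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBobCONSTRUCTED bob@jump
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICarolCONSTRUCTED carol@laptop
EOF
    # Bob's key as it might be stored elsewhere, with a different comment.
    revoke_key "$f" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBobCONSTRUCTED bob-old" >/dev/null
    cat "$f"; rm -f "$f"
}
demo
```

Run against each VM's `authorized_keys`, a return of 0 means that host never held the key, which is useful when checking that a revocation reached all 20-30 machines.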
