Setting Up My First Jump Server

scottalanmiller

Fail2Ban is important and you will often want to have IPTables lock access to just your IP address or range for extra security. Although if you have a dynamic IP that can be problematic.

thanksajdotcom

@scottalanmiller said:

Fail2Ban is important and you will often want to have IPTables lock access to just your IP address or range for extra security. Although if you have a dynamic IP that can be problematic.

Right, but Fail2Ban will only lock after X number of failed login attempts, right?

scottalanmiller

Some people use different OSes for their jump servers too to make them have different vulnerabilities than the systems that they support. That way if there is a weakness in the OS that you are jumping to (Ubuntu, probably, for you) the jump server is not exposed to the same risk requiring someone to hack into two different systems to get through your barriers. Commonly you would see FreeBSD, NetBSD, Solaris or OpenBSD used in those cases. Dragonfly would work great too.

scottalanmiller

@thanksaj said:

Right, but Fail2Ban will only lock after X number of failed login attempts, right?

Correct.

thanksajdotcom

@scottalanmiller said:

@thanksaj said:

Right, but Fail2Ban will only lock after X number of failed login attempts, right?

Correct.

Ok, cool.

thanksajdotcom

What do I do to configure Fail2Ban? I've never set it up before. Any good walkthroughs?

scottalanmiller

@thanksaj said:

What do I do to configure Fail2Ban? I've never set it up before. Any good walkthroughs?

It sets itself up on install on most systems.

thanksajdotcom

@scottalanmiller said:

@thanksaj said:

What do I do to configure Fail2Ban? I've never set it up before. Any good walkthroughs?

It sets itself up on install on most systems.

So nothing I really need to configure on it?

scottalanmiller

Nope. Out of the box it handles SSH.

thanksajdotcom

@scottalanmiller said:

Nope. Out of the box it handles SSH.

Sweet!

Reid Cooper

What OS are you using?

thanksajdotcom

@Reid-Cooper said:

What OS are you using?

I already had the Ubuntu 14.04 ISO on my ESXi server, so I used that. Keeps it all consistent. I was tempted to use CentOS though...

scottalanmiller

Why do you use an old version of Ubuntu? We are already halfway through the lifespan of 14.04's replacement, 14.10. 15.04 is just three months away.

thanksajdotcom

@scottalanmiller said:

Why do you use an old version of Ubuntu? We are already halfway through the lifespan of 14.04's replacement, 14.10. 15.04 is just three months away.

I'm on 14.04 LTS. That's the recommended use version from Ubuntu. Check their site.

thanksajdotcom

http://www.ubuntu.com/download/server

See??

thanksajdotcom

Also, when I update to 14.10, $4!+ goes haywire...