Skip to content

PVE 1

Jump to bottom Edit New page
cypx edited this page Nov 15, 2014 · 7 revisions

IPv4: 37.59.46.214

IPv6: 2001:41D0:8:69d6::

Reverse: ns3000756.ip-37-59-46.eu

OS: Proxmox PVE 3.3 (Debian 7)

Manager: https://37.59.46.214:8006

Configuration

Disable entreprise support and upgrade

$ vi /etc/apt/sources.list.d/pve-enterprise.list

#deb https://enterprise.proxmox.com/debian wheezy pve-enterprise

$ aptitude update
$ aptitude upgrade

Reboot to load upgraded kernel

$ reboot

Enhance network configuration

$ vi /etc/host.conf

# The order option specifies the order in which the resolving services are tried.
order hosts,bind
# Machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on

Reduce FS write by disable access time stats

$ vi /etc/fstab

/dev/pve/data   /var/lib/vz     ext3    defaults,noatime,barrier=0      1       2

$ mount -o remount /var/lib/vz

Firewall

Managed via PVE interface:

  • Global configuration:
  • Input policy: Drop
  • Output policy: Accept
  • Proxmox server specific configuration
  • Input Accept SSH macro
  • Input Accept TCP destination port 8006 (PVE Interface)

Authentification

Install sudo

$ aptitude install sudo

Create users

$ adduser cyprien
$ adduser cyprien sudo
$ adduser damien
$ adduser damien sudo

Disable password for sudo user

$ vi /etc/sudoers

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Import user keys

$ mkdir /home/cyprien/.ssh
$ vi /home/cyprien/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfKIecdzoLMZtfB64eiPXoy3ye5xQoYUZcUxLWxb73dtxB1DUYX8LjSKHxQmkjk9uKZlwPsvU+YugpwGli3ogmf3vNc1IFbgIHAS6NwkmPHmXNLlWEXWX22xTp4MK6/FkjsjLA2MV4mZFF2BO+B8sqW4yiw/PEmvWWSRGKrWzRGOJwtrYy0SQWYLIHv8lTNEsLvWFOAJwG9Ggjc8hiPAOJqAsD/mzZeXUWKTZ4KUprN+HtJH9/ZzIQN1u7xaFuG0IQXkj/7zwVnxf4Fn4/ZaG5wRgWjNYg20s1Gjb/wG8lkhAbXRKtltSWf+oxVorhtSGEafVivPkT0Us5BXKgaeX cyp@hood

$ mkdir /home/damien/.ssh
$ vi /home/damien/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0HYe9zhtHox5LgccmdAyRp6tY+O1g19KGjePsBqgCWqd2KUye3qFjVN3Sl51EqKF8DsUPGUSr9BH0y6iS3XtOIfDUC6OpsimwO8FhB+NZ3myfq8hhprSMcEw0Xwrz6Rxl7WySQ9dVH6g6sKMJ5zSQfEaXOiyYCMMvgy0jbkKVl6J5CCgImKeF+mV5FwYTgMS0MKmtDwn7wZzFoyJGhp5jYFUyfDvycrLEYPl8hM9Y7KwkN66UhyNlXKpC7CgyhR8I3Qb6CNSpm1OSnzFmIkZf1Bfn+xztVgK677IxmlsWCe8DuNSi7lTTP8UMCxry7Su9jVdZDhk3x6xxQRcD/GOnw== damie_000@BUREAU1

Disable root login for SSH

$ vi /etc/ssh/sshd_config

PermitRootLogin no

$ service ssh restart

Add a custom footer

Home

Hosting:

Clone this wiki locally