In the firewall, you could set up rules that block connections to SSH from all IP addresses except those from your Veeam server and that (those) of your workstation(s). For every TCP connection that a job uses, one port from this range is assigned.įull documentation on ports used by Veeam can be found here: The default range of ports used as data transmission channels. The default port used by the Veeam Data Mover Port used as a control channel from the console to the target Linux host Remote control via SSH has again been deactivated.įirewallIf the above method is too restrictive, a permanent solution could be to move the Linux server behind a separate firewall.Ī few ports and port ranges need to be open for the TCP protocol for Veeam Backup & Replication to be able to control the repository hosted by the Linux server:
To restart the SSH service, run this command: If you try, you'll see that the connection is refused: Notice, that the status now is inactive (dead) and neutral colour.Īfter a log out in the SSH client, you can't log in again. Sudo systemctl stop rvice Note, that this command does not close a current connection you can call this command from an SSH client, view the status, and even restart the service, if you like.Ĭhecking the status, when the service is stopped, will show this: To stop the SSH service, run this command: If running normally, you will see the current status and the recent log: To view the status of SSH, run this command: You don't have to uninstall the service, only stop it. However, a less brute and more flexible method is to deactivate the service.ĭeactivate SSH on the Linux serverOne safe method to disable remote access to the Linux server is, of course, to shut down the SSH service itself. The ultimate method is, of course, simply to shut down the SSH server on the Linux server. SSH is, in general, considered to be extremely secure and, by all practical measures, impossible to crack. All of these are related to SSH, the method we use to remote control the server as it, in many cases, is quite cumbersome to be forced to sit and physically operate the server via a directly connected keyboard and monitor. In this section, some methods will be shown to tighten the security on the server. Tighten security on the Linux serverIn the previous sections, Part 7, we equipped the Linux server with a proven backup system to be able to quickly perform a bare metal recovery and bring the server online, in case the system drive should cease to function.
Veeam backup exchange trial#
It can be a licensed trial or paid version or even the free Community Edition. Veeam Backup & Replication is assumed to be of version 11 or later. the command line - from PowerShell, Command Prompt, or even DOS.Veeam Backup & Replication and have it installed and running.
Veeam backup exchange windows#
the usual tasks administering at least a small network with one Windows Server.Part 9 - Maintenance and deactivation/reactivation of MFA/2FA.Part 8 - Tighten security on the Linux server (MFA/2FA).Part 7 - Bare Metal Recovery of the Linux server.Part 6 - Backup of the Linux server itself.Part 5 - Prepare for backup of the Linux server itself.Part 4 - Create the immutable Veeam backup repository.
This you can accomplish by immutable backups stored on a physical server running Linux. Introduction Purpose of these articlesYou are a Windows administrator running Veeam Backup & Replication and wish to raise protection against malware attacks and hackers without reverting to shuffle or rotating physical media.
0 kommentar(er)
