We are working on fixing the Security and Compliance Analyzer recommendations. We have run the script provided by Veeam. We are concerned about Item 28: "Hardened repositories should have the SSH server disabled." Since the Veeam Backup and Replication server connects to the Linux Hardened Repository via SSH, is it safe to have SSH disabled? Does Veeam Backup and Replication connect to the Hardened Repository over SSH on a port other than 22?
From my understanding, Veeam only connects to the repo via SSH to install an agent. Afterwards, all communication goes via the agent and not via SSH. That's why you use a “one time Credential” to connect VBR to the repo and not a standard Linux user.
After that disable and stop the service. So the repo isn’t more visible than needed.
Hi
Per the User Guide discussing Security Compliance Analyzer
https://helpcenter.veeam.com/docs/backup/vsphere/best_practices_analyzer.html?ver=120
“SSH connection is necessary only for the deployment of Veeam Data Mover. For security purposes, after adding the hardened repository to the backup infrastructure, the SSH connection should be disabled for the user account used to connect to the Linux server or for the server itself.”
Hope that helps.
Best.
After using the one-time credentials via SSH to connect your VHR, it then sets up a certificate that it then uses going forward. I know v13 does it this way and does not use credentials and it disables SSH too. So you are good to have it disabled.
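A check to run on the repository after SSH has been stopped and disabled, as an added example that is not part of the thread or of Veeam's tooling: it parses `ss -Hltnp` output and flags listeners owned by sshd on any port, plus anything bound to TCP 22 such as a systemd socket unit. The sample lines, including the process name and port of the non-SSH listener, are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reports listeners that still expose SSH
# on a hardened repository after sshd was meant to be stopped and disabled.

# Read `ss -Hltnp` output on stdin; print the local address of every listener
# owned by sshd (any port) or bound to TCP 22 (e.g. a systemd socket unit).
ssh_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        if ($0 ~ /\("sshd"/ || port == "22") print $4
    }'
}

# Constructed sample: sshd moved to a non-default port, port 22 held open by
# systemd socket activation, and one unrelated listener (its process name and
# port are assumptions made for this sample).
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=57))
LISTEN 0 128 0.0.0.0:6162 0.0.0.0:* users:(("veeamtransport",pid=990,fd=9))
EOF
}

# Reads `ss -Hltnp` output on stdin.
# Exit status 0 when nothing SSH-like is listening, 1 otherwise.
ssh_is_closed() {
    [ -z "$(ssh_listeners)" ]
}

# Live use needs root so that ss can show process names.
if [ "${1:-}" = "--live" ]; then
    ss -Hltnp | ssh_listeners
else
    sample_ss | ssh_listeners
fi
```

An empty result from the `--live` run means no SSH listener remains; a line owned by `systemd` on port 22 means a socket unit is still enabled even though the SSH service itself is stopped.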