Last updated on: 2019-12-20
Authored by: Rackspace Support
Migrate an application from Amazon Web Services to Rackspace:
Key-based Secure Shell (SSH) authentication is considered safer than authentication based on user names and passwords for several reasons. For example, the latter method is subject to brute-force attacks, poor password strength, and a higher risk of remote theft. For these reasons, we recommend that you enable key-based SSH or OpenSSH authentication on your newly provisioned cloud server. For instructions, see the following reference that corresponds to your server’s operating system (OS) distribution:
Consider disabling password authentication altogether, or at least disabling root logon. Also consider limiting simultaneous user logons and using a nonstandard (other than port 22) port for SSH.
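The following script is an added example, not part of the original article or a Rackspace tool. It checks the global section of an `sshd_config` file against the recommendations above. The function names and the sample file are constructed for illustration, it assumes whitespace-separated `Keyword value` lines, and it does not check logon limits.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.
# Assumes "Keyword value" lines; Include files and Match blocks are not evaluated.

# Print the global value of keyword $2 in file $1, or default $3 if unset.
# sshd keeps the first occurrence of a keyword; keywords are case-insensitive.
sshd_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Succeed if sshd would listen on port 22. Port may repeat (sshd listens on
# every one), and 22 is the default when no Port line exists.
uses_port_22() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port" { seen = 1; if ($2 == 22) hit = 1 }
         END { exit !(hit || !seen) }' "$1"
}

# Print one FAIL line per unmet recommendation; exit status = number of FAILs.
audit_sshd() {
    cfg=$1; fails=0
    [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: password authentication is enabled"; fails=$((fails + 1)); }
    [ "$(sshd_value "$cfg" PermitRootLogin prohibit-password)" = no ] ||
        { echo "FAIL: root logon is not fully disabled"; fails=$((fails + 1)); }
    if uses_port_22 "$cfg"; then
        echo "FAIL: sshd listens on port 22"; fails=$((fails + 1))
    fi
    if grep -Eiq '^[[:space:]]*match[[:space:]]' "$cfg"; then
        echo "WARN: Match blocks present; per-user overrides were not audited"
    fi
    return "$fails"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
passwordauthentication no
PermitRootLogin prohibit-password
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "$? finding(s); confirm the live values with: sshd -T"
```

On the sample, the first `PermitRootLogin` line wins, so root logon is reported even though a later line sets `no`.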
Tighten iptables rules by using the following steps:
Allow remote access only from a trusted IP or range by entering the following command:
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT  # Replace XXX.XXX.XXX.XXX with your IP
Limit the number of connections to the SSH port by entering the following commands:
iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP
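Prevent brute-force attacks by using the following commands to log and block repeated attempts from the same IP address. The first rule records each new connection to port 22 by source address, and the second accepts a new connection only while that source has made fewer than four attempts in the last 60 seconds. Attempts over that threshold fall through to later rules or the chain policy, so they are blocked only if the INPUT chain ends in a DROP rule or has a DROP policy: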
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
To create a robust and scalable monitoring system, consider using Rackspace Cloud Monitoring. For information about installing, configuring, and running an agent and enabling monitoring checks by using the Cloud Control Panel, read Install and configure the Rackspace Monitoring Agent.
After you have installed the agent, based on your requirements, you can configure one or more of the following checks and alerts:
Backups are an integral part of any production-level deployment and an essential component of a disaster recovery (DR) strategy. Rackspace provides a file-based backup system to help you meet your backup and restore needs. You can install the Rackspace Cloud Backup agent by following the steps in the article Install or update the Cloud Backup agent on Linux or Install the Cloud Backup agent on Windows.
Cloud Backup has the following key features:
©2020 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License