XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Xen Orchestra on publicly accessible VM

    Scheduled Pinned Locked Moved
    Management
    4
    4
    52
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fred974
      last edited by

      Hi,

      I am deploying Xen Orchestra on an OVH cloud VPS to managed multiple Hosts at different locations. Could you please tell me if the login interface has any brute force attack prevention built in? Is it secure enough to be publicly accessible? I have already set 2FA but couldn't see any option for FIDO2 or passwordless authentication.

      Thank you

      1 Reply Last reply Reply Quote 0
      • olivierlambertO
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        1. Yes
        2. No FIDO2 auth, you can however use OIDC and connect to a SSO provider with FIDO2 access.
        1 Reply Last reply Reply Quote 0
        • A
          adriangabura
          last edited by

          Nothing is secure enough, for it depends on your requirements and scope. It's a very bad practice to open such interfaces to the public space. As a suggestion - SSH tunnel, site-to-site VPN. There are a lot of potential solutions, but as I said it all depends on your security policy.

          K 1 Reply Last reply Reply Quote 0
          • K
            KPS Top contributor @adriangabura
            last edited by

            You can easily add some firewall rules as an additional layer and/or restrict to ssh-forwarded sessions

            1 Reply Last reply Reply Quote 0
            • First post
              Last post