Host hardening

Harden your Proxmox VE host

Even if your Proxmox VE system is just a small homelab for personal use, you have to consider its security posture. The chapters listed next offer procedures to harden different aspects of your Proxmox VE standalone node:

TFA authentication

Enable Two-Factor Authentication in your Proxmox VE system both at its shell and web console levels.

1st

Alternative administrator user

Create a non-root sudo-enabled administrator user for handling your daily management tasks on your Proxmox VE system.

2nd

SSH key pairs and sshd service configuration

Encrypt the SSH connections with your Proxmox VE server using strong SSH key pairs. Also make your sshd service’s configuration more secure.

3rd

Enabling Fail2Ban

Protect your Proxmox VE server from brute force login attacks with Fail2Ban.

4th

Proxmox VE services

Reduce the services exposed on your Proxmox VE system down to those you really need.

5th

Network hardening with sysctl

Harden the networking configuration of your Proxmox VE system by applying specific sysctl configurations.

6th

Mitigating CPU vulnerabilities

Mitigate the vulnerabilities of your computer’s CPU with an update.

7th

Firewalling

Restrict the in and out network flows from your Proxmox VE server by enabling its integrated firewall.

8th

Removing Proxmox's subscription warning TFA authentication