During the installation, Hybrid Access Gateway installs the OpenSSH server for communication from outside. A Postgres database is installed and only used for local communication. Connections from outside are disabled by default.
During the installation, the default firewall of Ubuntu is applied. Only features that comes by default with the corresponding Ubuntu base image (currently 18.04) are available within the Hybrid Access Gateway appliance, including:
- Simple Network Management Protocol (SNMP)
SNMP is configured to send information related to its services and system health. However, by default it does not send information to any location as it does not know who the recipient would be. For this, the customer needs to un-comment the trapsess
command in the file /etc/snmp/snmpd.conf and point it to their SNMP manager to start sending information. - Network Time Protocol (NTP)
NTP is installed and set to 0.ubuntu.pool.ntp.org as default. You can change the value over the VM wizard.
If Hybrid Access Gateway is configured to use an external database for users, reporting and OATH, the internal Postgres database service can be turned off without any hassle.
Important
To improve the hardening index of Hybrid Access Gateway, an SSH configuration parameter (MaxAuthTries
) was introduced with Hybrid Access Gateway version 5.13.0. This configuration parameter limits the maximal authentication attempts to the amount of two. This change can affect the SSH authentication, if the client has more than one private key configured that is not configured for the corresponding user in Hybrid Access Gateway. In this case, an authentication with username and password will fail. If this setting affects you, you can increase the amount of authentication attempts.
To increase the amount of authentication attempts:
- Change the parameter
MaxAuthTries
within the file /etc/ssh/sshd_config to a suitable number.
In case of Hybrid Access Gateway upgrades, this change has to be done after the appliance has been upgraded successfully.