How to Enhance the Security of JumpServer: Best Practices and Recommendations

1. Upgrade the operating system to the latest version

Regularly update the OS on the server hosting JumpServer to apply security patches and eliminate vulnerabilities.

2. Upgrade JumpServer

Keep JumpServer itself up to date by regularly installing the newest release, ensuring you benefit from the latest security fixes and improvements.

3. Upgrade JumpServer’s dependent software

Update the versions of MySQL, Redis, Nginx and other dependencies, while checking compatibility and following the project’s GitHub documentation.

4. Avoid weak passwords

Use strong, unique passwords for all components (servers, databases, Redis, etc.) and replace the default admin password immediately after installation.

5. Use the OS security components

Do not disable firewalld or SELinux on CentOS; configure firewalld to allow only the ports required by JumpServer.

6. Minimize open ports

Close all unnecessary ports, expose only the essential ones, and consider placing a VPN or SSL‑VPN in front of JumpServer.

7. Harden public access

If JumpServer must be exposed to the internet, place a firewall in front, filter traffic, restrict source IPs, and configure cloud security groups appropriately.

8. Configure SSL

Obtain an SSL certificate, deploy it, and disable plain HTTP so that all access occurs over HTTPS.

9. Strengthen password policies

Enforce periodic password changes, set minimum password complexity, and ensure the initial admin password is changed immediately.

10. Enable MFA

Activate multi‑factor authentication for JumpServer administrators to require two‑step verification and greatly improve login security.