How do you disable the terminal?
to the terminal on 22 is not good. I'm using a different port for ssh on the server, yet I have full control at the terminal. If I can access the terminal in such a manner, so could anyone else.
How do I disable console access to my Linode and remove the open UDP port, the DHCP server?
Thank you,
rjs
5 Replies
I've been using public-key authentication to connect to Lish for some time now. Is it possible to disable the password authentication mechanism for this ourselves? I don't remember seeing an option for it.
@rjp:
I haven't seen an option that would allow sshd to disable passwords on a per-user basis. The best thing you can do to keep the brute-forcers out of your console is to pick a strong password for your Linode account.
From the sshd_config manpage:
    AllowUsers
        This keyword can be followed by a list of user name patterns,
        separated by spaces. If specified, login is allowed only for
        user names that match one of the patterns. '*' and '?' can be
        used as wildcards in the patterns. Only user names are valid; a
        numerical user ID is not recognized. By default, login is
        allowed for all users. If the pattern takes the form USER@HOST
        then USER and HOST are separately checked, restricting logins to
        particular users from particular hosts.

However, if you just want to disallow root access, but allow everyone else, there is an easier option:

    PermitRootLogin
        Specifies whether root can login using ssh(1). The argument must
        be "yes", "without-password", "forced-commands-only" or "no".
        The default is "yes".

        If this option is set to "without-password" password
        authentication is disabled for root. Note that other
        authentication methods (e.g., keyboard-interactive/PAM) may
        still allow root to login using a password.

        If this option is set to "forced-commands-only" root login with
        public key authentication will be allowed, but only if the
        command option has been specified (which may be useful for taking
        remote backups even if root login is normally not allowed). All
        other authentication methods are disabled for root.

        If this option is set to "no" root is not allowed to login.
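
An added example, not part of the thread and not OpenSSH code: a small Python model of the two manpage excerpts above, useful for checking what a given AllowUsers / PermitRootLogin combination would admit before reloading sshd. The sample config, the function names and the `forced_command` flag are assumptions made for illustration; it covers only the behaviour the excerpts describe (each keyword appearing once, no keyboard-interactive/PAM).

```python
import re

# Constructed sample config (documentation addresses), not taken from the thread.
SAMPLE = """\
# constructed example
Port 2222
AllowUsers deploy admin?@203.0.113.* root@198.51.100.7
PermitRootLogin forced-commands-only
"""

def glob_match(pattern, value):
    # Per the excerpt only '*' and '?' are wildcards; everything else is literal.
    rx = "".join({"*": ".*", "?": "."}.get(c, re.escape(c)) for c in pattern)
    return re.fullmatch(rx, value) is not None

def parse(text):
    opts = {}
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            # Keywords are case-insensitive; assume each appears only once.
            opts[fields[0].lower()] = fields[1:]
    return opts

def login_allowed(opts, user, host, method, forced_command=False):
    """method is 'password' or 'publickey'; forced_command models the
    key's command option being set (hypothetical flag for this model)."""
    patterns = opts.get("allowusers")
    if patterns is not None:  # unset: login is allowed for all users
        for pat in patterns:
            upat, _, hpat = pat.partition("@")
            # USER and HOST are checked separately when the form is USER@HOST.
            if glob_match(upat, user) and (not hpat or glob_match(hpat, host)):
                break
        else:
            return False
    if user == "root":
        mode = opts.get("permitrootlogin", ["yes"])[0]  # default per the excerpt
        if mode == "no":
            return False
        if mode == "without-password" and method == "password":
            return False
        if mode == "forced-commands-only":
            return method == "publickey" and forced_command
    return True
```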