How do you disable the terminal?

I don't think I like the terminal access. For me to be able to ssh root

to the terminal on 22 is not good. I'm using a different port for ssh on the server, yet I have full control at the terminal. If I can access the terminal in such a manner, so could anyone else.

How do I disable console access to my linode and remove the udp open port, the dhcp server?

Thank you,

rjs

5 Replies

I have another question that's related to this.

I've been using public-key authentication to connect to Lish for some time now. Is it possible to disable the password authentication mechanism for this ourselves? I don't remember seeing an option for it.

I haven't seen an option that would allow sshd to disable passwords on a per-user basis. The best thing you can do to keep the bruteforcers out of your console is to pick a strong password for your Linode account.

I set my SSH up so I wouldn't be able to login with teh root ID.

@rjp:

I haven't seen an option that would allow sshd to disable passwords on a per-user basis. The best thing you can do to keep the bruteforcers out of your console is to pick a strong password for your Linode account.

From the sshd_config manpage:

     AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             user names that match one of the patterns.  '*' and '?' can be
             used as wildcards in the patterns.  Only user names are valid; a
             numerical user ID is not recognized.  By default, login is
             allowed for all users.  If the pattern takes the form USER@HOST
             then USER and HOST are separately checked, restricting logins to
             particular users from particular hosts.

However, if you just want to disallow root access, but allow everyone else, there is an easier option:

     PermitRootLogin
             Specifies whether root can login using ssh(1).  The argument must
             be "yes", "without-password", "forced-commands-only" or "no".
             The default is "yes".

             If this option is set to "without-password" password authentica-
             tion is disabled for root.  Note that other authentication meth-
             ods (e.g., keyboard-interactive/PAM) may still allow root to
             login using a password.

             If this option is set to "forced-commands-only" root login with
             public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for taking
             remote backups even if root login is normally not allowed).  All
             other authentication methods are disabled for root.

             If this option is set to "no" root is not allowed to login.

What I was trying to get at was that you can't tell SSHD to allow public-key logins but disallow password logins on a per-user basis. If you want public-key only, you have to do it for all users.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct