Securing the Secure Shell daemon

Depending on your Linux flavor, the SSH daemon might listen on all network interfaces on the default port, and allow root logins using passwords instead of keys.

This default configuration is not very safe. Automated scripts can try to guess the root password, so you're at the mercy of the strength of that password.

It's a good idea to make things stricter. Let's see how you can do this.
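As an added example (not code from the book), the following Ruby audits the text of an sshd_config for the weak settings named above: root login with a password, the default port, and listening on all interfaces. The function names and sample configurations are constructed for illustration; it assumes upstream OpenSSH defaults for unset keywords, reads only the global section, and does not follow Include files.

```ruby
# Assumptions: global section only (parsing stops at the first Match block),
# Include files are not followed, unset keywords use upstream OpenSSH defaults.
DEFAULTS = {
  'port' => ['22'], 'listenaddress' => [], # no ListenAddress = all interfaces
  'permitrootlogin' => ['prohibit-password'], 'passwordauthentication' => ['yes']
}.freeze
MULTI = %w[port listenaddress].freeze # keywords that may be repeated

def parse_sshd_config(text)
  seen = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    line = line.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/[\s=]+/, 2)
    key = key.downcase
    break if key == 'match'
    next if value.nil?
    # For single-valued keywords sshd keeps the first value it reads.
    seen[key] << value.strip if MULTI.include?(key) || seen[key].empty?
  end
  DEFAULTS.merge(seen)
end

def audit_sshd_config(text)
  cfg = parse_sshd_config(text)
  password_auth = cfg['passwordauthentication'].first.downcase == 'yes'
  root_yes = cfg['permitrootlogin'].first.downcase == 'yes'
  findings = []
  findings << :root_password_login if root_yes && password_auth
  findings << :password_authentication if password_auth
  findings << :default_port if cfg['port'].include?('22')
  wildcard = cfg['listenaddress'].empty? ||
             cfg['listenaddress'].any? { |a| a =~ /\A(0\.0\.0\.0|\[?::\]?)(:\d+)?\z/ }
  findings << :all_interfaces if wildcard
  findings
end

# Constructed sample inputs, not taken from any real host.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
STRICT = <<~CFG
  Port 2222
  ListenAddress 192.0.2.10
  PermitRootLogin no
  PasswordAuthentication no
  PermitRootLogin yes   # ignored: the first value wins
CFG

puts audit_sshd_config(WEAK).inspect if __FILE__ == $PROGRAM_NAME
```

The audit does not look at KbdInteractiveAuthentication, which can also present password prompts through PAM.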

Getting ready

Create a user who can log in using an SSH key instead of a password. Doing this with Chef is described in the Creating users from data bags recipe in this chapter.

Tip

If you're using Vagrant, you can SSH into your node using the information given by running vagrant ssh-config.

For the default configuration, this command ...
