Securing the Secure Shell Daemon (SSHD)

Depending on your Linux flavor, the ssh daemon might listen on all network interfaces on the default port, and allow root and password logins.

This default configuration is not very safe. Automated scripts can try to guess the root password. You're at the mercy of the strength of your root password.

It's a good idea to make things stricter. Let's see how you can do this.

Getting ready

Create a user who can log in using his ssh key instead of a password. Doing this with Chef is described in the Creating users from data bags recipe in this chapter.

Make sure that you have a cookbook named my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe ...

Get Chef Infrastructure Automation Cookbook - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Chef Infrastructure Automation Cookbook - Second Edition by Matthias Marschall

Securing the Secure Shell Daemon (SSHD)

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly