Securing shell services

Another infrastructural service that is security sensitive is a shell service. Whereas malicious individuals would be happy to get remote command execution (RCE) vulnerabilities on systems to exploit, shell services immediately provide an interactive environment. Of course, securing shell services is an important strategy for administrators.

Splitting SSH over multiple instances

One potential approach to harden a shell-service-providing server is to split the access for administrators and users.

The user-facing SSH server could possibly require just user ID and password authentication or key-based authentication. It'll be running on the default port 22 and perhaps enables chrooted SSH so that the regular users do not have ...

Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux System Administration - Second Edition by Sven Vermeulen

Securing shell services

Splitting SSH over multiple instances

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly