Disable SSH

[JakeBikeIT]

I need to make the admin of PXE as secure as possible - I've set a long password and I've disabled root SSH login and Disallowed All users and turned off SSH.

Wondered why this isn't more easily done. Maybe this is a feature request. As turning off SSH is the first thing you do in VMware.

 

[spoodie]

Another option is to add an explicit DROP rule to the relevant firewall for port 22.

But it does seem a bit odd to allow SSH by default, even with the firewall enabled and also to allow it for the root user no less. I'd like to see the rules listed in the firewall page so the access is more visible.

 

[LnxBil]

Wondered why this isn't more easily done. Maybe this is a feature request. As turning off SSH is the first thing you do in VMware.

Because you need it for a cluster and a secure administration.

also to allow it for the root user no less.

There is only one user. This is not Ubuntu.

 

[JakeBikeIT]

Because you need it for a cluster and a secure administration.


There is only one user. This is not Ubuntu.

Luckily these backup role hosts are not clustered.
I understand the requirement for clustering. Kind of pointless having a TOTP and SSH Open.

 

[LnxBil]

Luckily these backup role hosts are not clustered.
I understand the requirement for clustering. Kind of pointless having a TOTP and SSH Open.

Why? Just use TOTP with SSH ...

 

[JakeBikeIT]

One would assume the TOTP for root in the web console would be required for the SSH login as root as well, don't tell me additional config is required?

 

[LnxBil]

One would assume the TOTP for root in the web console would be required for the SSH login as root as well, don't tell me additional config is required?

There is a multitude of additional factors available in PAM, so that you can have as many factors as you want. TOTP is generally not standardized, so there are multiple providers available. This is obviously not the default.