13
6
I want to be able to stop people from been able to SSH onto my machine but still need to SSH out, is this possible?
ryan stokes
Posted 2012-12-12T11:02:26.570
Reputation: 149
Stopping people from ssh(ing) into my Ubuntu machine
Answers
27
i want to be able to stop people from been able to ssh onto my machine but still need to ssh out. is this possible
Yes, just disable the SSH daemon sshd.
RedGrittyBrick
Posted 2012-12-12T11:02:26.570
Reputation: 70 632
Or just uninstall the server: sudo apt-get remove openssh-server – johanvdw – 2012-12-13T09:26:24.950
20
You have many options:
disable SSH daemon on boot with
sudo update-rc.d ssh disableand reboot the machine (or stop the SSH daemon withsudo service ssh stop)disable SSH daemon until machine is rebooted:
sudo service ssh stopselect the users (or groups) authorized to ssh to your machine:
sudo nano /etc/ssh/sshd_configadd lines for each user:
AllowUsers useror
AllowGroups groupthen restart ssh:
sudo service ssh restartto activate the filter
laurent
Posted 2012-12-12T11:02:26.570
Reputation: 4 166
7
I want to be able to stop people from been able to ssh onto my machine but still need to ssh out
If you do not want anyone (yourself included) to be able to ssh to your host, simply do not run sshd. That has no influence in your ability to ssh from your computer to other computers.
E.g. via sudo update-rc.d -f ssh remove (This will ntt remove the sshd software package, but it won't automatically start again.).
I am curious though: Why not simply do not give them an account?
Hennes
Posted 2012-12-12T11:02:26.570
Reputation: 60 739
5
"I want to be able to stop people from been able to SSH onto my machine" - even with SSHd (the SSH daemon) turned on, this should in general not be possible unless:
- You have a guest user, with no password, that has SSH access turned on
- You have a regular user account that has a simple password, a password that others know or something that can be easily guessed.
Yes, you should definitely turn off sshd as others have recommended, but even with the default setup, it shouldn't be possible for the average Joe User to SSH into your box.
Suman
Posted 2012-12-12T11:02:26.570
Reputation: 971
-3
anybody who wants to ssh "in" to your system would need to have appropriate authentication to come in, which would be in your control. So, I believe your question is pretty much self answered, dont give anybody such access.
further, like many have suggested here, you can stop running the ssh daemon itself, which would mean that you yourself wont be able to ssh-in to your system, if you need to.
so really, you need to figure out, what exactly do you want to achieve, block others but not yourself, or block everybody (including yourself), and there goes your response.
another trick could be to change the port of your ssh daemon, which will basically make it harder for your system to be addressed by someone unknown. (for example, read here - http://techie-buzz.com/foss/change-default-ssh-port-in-linux.html)
Gyan
Posted 2012-12-12T11:02:26.570
Reputation: 95
thanks for all the negative votes.. would anyone care to comment why did you downvote this ? – Gyan – 2016-10-21T14:08:59.837
1Welcome to SuperUser! I have suggested an edit to your question to remove the string "Is there a way of encrypting the whole drive instead of reinstalling the whole OS?". If you want to know the answer to that, please ask it as a separate question. And please elaborate: make your question at least 50 words. Include an explanation of why you want it. :) Enjoy the site, and again, welcome! – unforgettableidSupportsMonica – 2012-12-12T17:55:33.120