Securing shell services
Shell services are another security-sensitive infrastructural service. Whereas malicious individuals would be happy to find remote command execution (RCE) vulnerabilities to exploit on a system, a shell service provides an interactive environment immediately. Securing shell services is therefore an important strategy for administrators.
Splitting SSH over multiple instances
One potential approach to harden a shell-service-providing server is to split the access for administrators and users.
The user-facing SSH server could possibly require just user ID and password authentication or key-based authentication. It'll be running on the default port 22 and perhaps enables chrooted SSH so that the regular users do not have access to the entire file system but only a particular location, such as /var/jail. Additional safeguarding approaches such as enabling a service like fail2ban (which checks the logs for the IP addresses that are trying a brute-force attack against...
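The chroot on the user-facing instance only protects the accounts it actually applies to. The following Python script is an added example, not code from the original text: it resolves the options sshd would apply per account from a constructed sshd_config and lists the accounts that would not be confined to /var/jail. The group name sshusers, the account names and the helper functions are assumptions, and only User and Group Match criteria without negation are handled.

```python
from fnmatch import fnmatchcase

# Constructed sample of a user-facing sshd_config (not from the original page).
SAMPLE = """\
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes

Match Group sshusers
    ChrootDirectory /var/jail
"""

def parse(text):
    """Split config into global options and Match blocks (first value wins)."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            words = value.split()
            criteria = {words[i].lower(): words[i + 1] for i in range(0, len(words) - 1, 2)}
            current = {}
            blocks.append((criteria, current))
        else:
            (global_opts if current is None else current).setdefault(key, value)
    return global_opts, blocks

def block_applies(criteria, user, groups):
    """Only User and Group criteria are understood; anything else never matches."""
    for kind, patterns in criteria.items():
        names = [user] if kind == "user" else groups if kind == "group" else []
        if not any(fnmatchcase(n, p) for n in names for p in patterns.split(",")):
            return False
    return True

def effective(text, user, groups):
    """Options sshd would apply to this account: Match blocks first, then global."""
    global_opts, blocks = parse(text)
    result = {}
    for criteria, opts in blocks:
        if block_applies(criteria, user, groups):
            for key, value in opts.items():
                result.setdefault(key, value)
    for key, value in global_opts.items():
        result.setdefault(key, value)
    return result

def unjailed(text, accounts):
    """Names from accounts (name -> groups) that end up without a chroot."""
    return [name for name, groups in accounts.items()
            if effective(text, name, groups).get("chrootdirectory", "none").lower() == "none"]
```

With the sample above, an account outside sshusers is reported as unjailed, because a ChrootDirectory set only inside a Match block leaves every non-matching account with the default of no chroot.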