Securing the Secure Shell Daemon (SSHD)
Depending on your Linux flavor, the ssh daemon might listen on all network interfaces on the default port, and allow root and password logins.
This default configuration is not very safe. Automated scripts can try to guess the root password. You're at the mercy of the strength of your root password.
It's a good idea to make things stricter. Let's see how you can do this.
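To see where a host stands before changing anything, the following added example (not code from the original recipe) audits the global section of an sshd_config for the settings named above. The method names, the sample configurations and the policy that root and password logins must both be explicitly set to "no" are assumptions made for illustration.

```ruby
# Added example. Assumed policy: PermitRootLogin and PasswordAuthentication must
# both be explicitly "no"; an unset keyword is reported so the default gets reviewed.
MULTI = %w[listenaddress port].freeze # keywords that may legitimately repeat

def parse_sshd_config(text)
  settings = Hash.new { |h, k| h[k] = [] }
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s*=\s*|\s+/, 2)
    key = key.downcase                  # keyword names are case-insensitive
    break if key == 'match'             # Match blocks are conditional: review separately
    next if value.nil?
    # For non-repeating keywords sshd keeps the first value it reads.
    settings[key] << value.strip if MULTI.include?(key) || settings[key].empty?
  end
  settings
end

def wildcard_address?(addr)
  addr.split.first.match?(/\A(?:0\.0\.0\.0|::|\[::\])(?::\d+)?\z/)
end

def audit_sshd_config(text)
  s = parse_sshd_config(text)
  findings = {}
  root = s['permitrootlogin'].first&.downcase
  findings['PermitRootLogin'] = "#{root || 'unset'} (want: no)" unless root == 'no'
  pw = s['passwordauthentication'].first&.downcase
  findings['PasswordAuthentication'] = "#{pw || 'unset'} (want: no)" unless pw == 'no'
  addrs = s['listenaddress']          # no ListenAddress at all means every interface
  findings['ListenAddress'] = 'listens on all interfaces' if addrs.empty? || addrs.any? { |a| wildcard_address?(a) }
  findings['Port'] = 'default port 22' if s['port'].empty? || s['port'].include?('22')
  findings
end

# Constructed sample input, not taken from a real host.
WEAK_CONFIG = <<~CONF
  Port 22
  PermitRootLogin yes
  #PasswordAuthentication no
  PermitRootLogin no
CONF
HARDENED_CONFIG = <<~CONF
  Port 2222
  ListenAddress 192.0.2.10
  permitrootlogin = no
  PasswordAuthentication no
CONF
```

In WEAK_CONFIG the second PermitRootLogin line has no effect because the first value wins, and the commented-out PasswordAuthentication line leaves that keyword unset.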
Getting ready
Create a user who can log in using an ssh key instead of a password. Doing this with Chef is described in the Creating users from data bags recipe in this chapter.
Make sure that you have a cookbook named my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe in Chapter 1, Chef Infrastructure.
Create a Berksfile in your Chef repository that includes my_cookbook:
mma@laptop:~/chef-repo $ subl Berksfile
cookbook 'my_cookbook', path: './cookbooks/my_cookbook'
Tip
Note that configuring sshd might lock you out of your...