Disable SSH on Server

ockythegooner · February 25, 2021, 3:32pm

Hi, I’m a little bit paranoid, so I’d always disable SSH on my server

But, if I add a new user in HestiaCP, the SSH suddenly listening again.

Is it possible to disabled SSH while using HestiaCP?

Thank you for your help and answer.

eris · February 25, 2021, 3:41pm

I think for creating a new user it need to reload the sftp jail. With disabling SSH. SFTP and File manager will also stop

SSH is considered an safer system then FTP but to lock it down SSH try this:

PasswordAuthentication no

Forces users to use ssh keys (Set them up for your self and keep a backup)

PermitRootLogin yes

Disables root login. Create an user and give him full sudo right (Make sure it is not an Hestia user)

And change port to an random port that is not in use… And allow only access from your ip / ip range and you should be fine

ockythegooner · February 25, 2021, 4:08pm

Thank you for your answer, I will do it.

jlguerrero · February 25, 2021, 6:39pm

I also change the ssh port.

I thought about a port 22 honeypot to just ban in fail2ban everything trying to connect to port 22

ockythegooner · February 26, 2021, 1:57am

I’d already did everything but failed in changing SSH Port. After I changed it, I can’t connect via SSH anymore.

I don’t have UFW, so I installed it and register new port, still nothing happened, stuck in Port 22.

eris · February 26, 2021, 6:03am

UFW + Iptables should not used togetter… You can add an ip / port via /edit/server/firewall

ockythegooner · February 26, 2021, 6:06am

Ok, I will delete UFW. Thank you.

ockythegooner · February 26, 2021, 6:22am

Thx eris, my problems solved.

ockythegooner · February 26, 2021, 5:25pm

I have a new issue, after sucesfully change the ssh port, now I can’t access File Manager, Unknown Error.

Changed SSH Port and now I can not use the file manager any more

SSH port is loaded in a PHP Session.
Logout and Login will reset the Sessions

I read it, I’d reboot the VPS but still error, did I missed something?

ockythegooner · February 26, 2021, 5:41pm

Problems solved after I changed the user ssh nologin into bash.

Is it the true solution, right?

ockythegooner · February 26, 2021, 6:06pm

I have a new issue, while login with user, File Manager can access root folder.

eris · February 26, 2021, 6:12pm

bash will mean user isn’t limited to the sftp chroot an users are able to read the full root. chroot is currently only active with shell as no login

ockythegooner · February 26, 2021, 6:14pm

But if I set nologin to user, I can’t access the File Manager, it’s Unknown Error.

ockythegooner · February 26, 2021, 10:28pm

Found the problem, no need to manually add “AllowUsers user”, this is the problem.

system · March 28, 2021, 10:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.