For SSH to be truly effective in protecting your network connections, you must stop using all insecure connection protocols, such as telnet and rsh. Otherwise, a user's password may be protected using ssh on one day only to be captured when they log in the next day using telnet.
To disable insecure connection methods to your system, use ntsysv or chkconfig to make sure that these services do not start up with the system. To use ntsysv to configure services that start at runlevels 2, 3, and 5, type the command:
/usr/sbin/ntsysv 235
Within ntsysv, you can disable services from starting up by deselecting them. The
Changes made with ntsysv will not take effect until the system is restarted or changes runlevels. If you disabled services used with xinetd, you must restart xinetd. By default, rlogin, rsh, and telnet are controlled by xinetd. To restart xinetd, type:
/sbin/service xinetd restart
For services not used with xinetd, you must stop them manually unless you restart your system after using ntsysv. To stop a service, you will probably use a command such as:
/sbin/service <service-name> stop
After restarting xinetd and stopping any other services you have configured not to start up automatically, disabled connection methods will no longer be accepted by your system. If you disable all remote connection methods other than the sshd service daemon, users will have to use an SSH client application to connect to the server.
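To confirm that the xinetd-controlled services named above really are off, the following added example (not part of the original documentation) reads the xinetd configuration directly. It assumes each service has its own file under /etc/xinetd.d named telnet, rsh, or rlogin, and that a file without a "disable = yes" line is treated by xinetd as enabled; the function name is hypothetical.

```sh
#!/bin/sh
# Added example: list insecure xinetd services that are still enabled.
# Assumption: one file per service in /etc/xinetd.d, named as listed below.

INSECURE_SERVICES="telnet rsh rlogin"

# Print each insecure service whose file in directory $1 lacks "disable = yes".
# A missing file means the service is not installed, so it is skipped.
enabled_insecure_services() {
    dir=${1:-/etc/xinetd.d}
    for svc in $INSECURE_SERVICES; do
        f="$dir/$svc"
        [ -f "$f" ] || continue
        if ! awk '
            { sub(/#.*/, "") }                      # ignore comments
            /^[ \t]*disable[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)         # keep only the value
                sub(/[ \t]+$/, "", v)
                if (tolower(v) == "yes") found = 1
            }
            END { exit(found ? 0 : 1) }
        ' "$f"; then
            echo "$svc"
        fi
    done
}

# Usage: enabled_insecure_services            (checks /etc/xinetd.d)
#        enabled_insecure_services /some/dir  (checks another directory)
```

An empty result means none of the three services will be started by xinetd after it is restarted.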