Menu Close
Settings Close

Language and Page Formatting Options

20.6. Requiring SSH for Remote Connections

For SSH to be truly effective, using insecure connection protocols, such as Telnet and FTP, should be prohibited. Otherwise, a user's password may be protected using SSH for one session, only to be captured later while logging in using Telnet.
Some services to disable include:
  • telnet
  • rsh
  • rlogin
  • vsftpd
To disable insecure connection methods to the system, use the command line program chkconfig, the ncurses-based program /usr/sbin/ntsysv, or the Services Configuration Tool (system-config-services) graphical application. All of these tools require root level access.
For more information on runlevels and configuring services with chkconfig, /usr/sbin/ntsysv, and the Services Configuration Tool, refer to the chapter titled Controlling Access to Services in the System Administrators Guide.