O'Reilly logo

Chef Infrastructure Automation Cookbook by Matthias Marschall

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing the Secure Shell Daemon (SSHD)

Depending on your Linux flavor, the ssh daemon might listen on all network interfaces on the default port and allow root and password logins.

This default configuration is not very safe. Automated scripts can try to guess the root password. You're at the mercy of the strength of your root passwords.

It's a good idea to make things stricter. Let's see how you can do this.

Getting ready

Create a user who can log in using his ssh key instead of a password. Doing this with Chef is described in the Creating users from data bags section.

Make sure you have a cookbook named my_cookbook and the run_list of your node includes my_cookbook as described in the Creating and using cookbooks section in Chapter 1, Chef Infrastructure ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required