Apple Support Communities > Servers and Enterprise Software > Mac OS X Server v10.6 Snow Leopard > Discussions
1705 Views 5 Replies Latest reply: Feb 11, 2011 11:30 AM by Garner
You can turn off SSH service if you want. There are a few things it's needed for, but they're few and far between; setting up a replica Open Directory server is the only one that comes to mind. To turn it off, run System Preferences on the server, go to the Services pane, and disable the "Remote Login" service.MacBook Pro, Mac OS X (10.6.6)
Rather than turning off SSH altogether, why not just block it at your network edge (router/firewall). That way it will still be available on your LAN but you won't be subject to external connection attempts.Mac OS X (10.6.5)
Thanks for the replies.
I'd like to block it at the network edge, but we don't have a firewall appliance and I'd rather not try to mess with the router. This server is used as an email server and that's it. It is in my office and I can access it directly. There is no reason to have remote access, so I'd just assume disable it completely.
Message was edited by: GarnerMacMini Server, Mac OS X (10.6.6), iPhone 3G 8GB
That means your router is forwarding all traffic to the server. It is only a matter of time before your server will be hacked.
You need to:
Block port 22 (ssh) at the router, ASAP.
Use non-trivial passwords (better is to reconfig ssh to only allow login with RSA certificates, but that is more advanced).
Also, if your router is forwarding all traffic, then it is possible that break-in will be appempted on other protocols (AFP, SMB, etc.). This means you are only as secure as the weakest password of any of your users. Not very safe...G4 MDD, Mac OS X (10.5.8)