Securing the Secure Shell daemon
Depending on your Linux flavor, the SSH daemon might listen on all network interfaces on the default port, and allow root logins using passwords instead of keys.
This default configuration is not very safe. Automated scripts can try to guess the root password, which leaves you at the mercy of the strength of that password.
It's a good idea to make things stricter. Let's see how you can do this.
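To see where a node currently stands, the following added example (not code from the original recipe) audits the text of an sshd_config file for the three weak settings described above. The function names, the finding symbols and the sample files are hypothetical, and absent keywords are assumed to fall back to upstream OpenSSH defaults, which your distribution may override.

```ruby
# Added example: audit sshd_config text for the weak settings described above.
# Assumption: absent keywords fall back to upstream OpenSSH (7.0+) defaults;
# your distribution may ship different ones.
SSHD_DEFAULTS = {
  'permitrootlogin'        => ['prohibit-password'],
  'passwordauthentication' => ['yes'],
  'listenaddress'          => ['0.0.0.0'] # no ListenAddress means all interfaces
}.freeze
WILDCARD = /\A(?:0\.0\.0\.0|::|\[::\])(?::\d+)?\z/

# Collect global (pre-Match) settings. Keywords are case-insensitive.
def parse_sshd_config(text)
  seen = Hash.new { |h, k| h[k] = [] }
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s*=\s*|\s+/, 2)
    key = key.downcase
    break if key == 'match' # per-user/host overrides are not audited here
    seen[key] << value.to_s.split.first.to_s.downcase
  end
  SSHD_DEFAULTS.merge(seen)
end

def sshd_findings(text)
  cfg = parse_sshd_config(text)
  root   = cfg['permitrootlogin'].first # sshd keeps the first value it reads
  passwd = cfg['passwordauthentication'].first
  findings = []
  findings << :root_password_login if root == 'yes' && passwd == 'yes'
  findings << :password_auth       if passwd == 'yes'
  findings << :all_interfaces      if cfg['listenaddress'].any? { |a| a.match?(WILDCARD) }
  findings
end

# Constructed sample inputs, not taken from a real host.
WEAK = <<~CONF
  Port 22
  PermitRootLogin yes
  permitrootlogin no
CONF
HARDENED = <<~CONF
  ListenAddress 192.168.1.10
  PermitRootLogin no
  PasswordAuthentication no
CONF

p sshd_findings(WEAK)     # [:root_password_login, :password_auth, :all_interfaces]
p sshd_findings(HARDENED) # []
```

On a real node, pass the contents of /etc/ssh/sshd_config to sshd_findings; an empty result means none of the three weak settings is in effect at the global level.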
Getting ready
Create a user who can log in using his SSH key instead of a password. Doing this with Chef is described in the Creating users from data bags recipe in this chapter.
Tip
If you're using Vagrant, you can SSH into your node using the information given by running vagrant ssh-config.
For the default configuration, this command should work (replace mma with your username):
mma@laptop:~/chef-repo $ ssh [email protected] -p 2222
Make sure that you have a cookbook named my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using...