20.6. Requiring SSH for Remote Connections
For SSH to be truly effective, using insecure connection protocols, such as Telnet and FTP, should be prohibited. Otherwise, a user's password may be protected using SSH for one session, only to be captured later while logging in using Telnet.
Some services to disable include:
telnet
rsh
rlogin
vsftpd
To disable insecure connection methods to the system, use the command line program
chkconfig
, the ncurses-based program /usr/sbin/ntsysv, or the Services Configuration Tool (system-config-services
) graphical application. All of these tools require root level access.
For more information on runlevels and configuring services with
chkconfig
, /usr/sbin/ntsysv, and the Services Configuration Tool, refer to the chapter titled Controlling Access to Services in the System Administrators Guide.