login to server only via SSH (disallow all other users / groups to login)

blueray

11/10/22, 12:37 PM

I am willing to rent a server from a hosting provider. I will SSH to that machine. I do not want anyone else (specially those who has physical access to the machine) to login. I only want to permit to login via the SSH and with only my login and password or ssh key.

In other words, I want to disable regular login (which I am currently doing with my desktop, giving login and password via keyboard to login) and only allow SSH login.

P.S. I know if anyone has physical access, they can boot a Rescue CD and bypass any credentials. I also know there is cold boot attack. However, this question is about only allowing SSH login.

0 + 5

server

ssh

permissions

password

user535733

11/10/22, 2:34 PM

Is this REALLY a full server machine located on somebody else's site? Or is this "server" merely a container or VM running on somebody else's machine?

blueray

11/10/22, 3:00 PM

I am planning to rent a complete server (not VM).

steeldriver

11/10/22, 3:36 PM

Generally, only user accounts that you create, plus the `root` account, will have valid login shells - and in Ubuntu, the `root` password will be locked by default, preventing local logins as root.

blueray

11/10/22, 3:38 PM

@steeldriver is there any way I can disallow everyone to enter via "valid login shells" and only via "ssh"

steeldriver

11/10/22, 3:50 PM

What do you men by "everybody"? AFAIK the only accounts that need login shells are your own and root's. Both will need valid login shells. The root account's password can (and should) be locked (according to Ubuntu best practices). Your own account password may also be locked provided you have set up key-based SSH authentication **however** that would prevent you from authenticating to `sudo`, so you'd need to also permit direct SSH access for root via key-based auth in order to perform administrative tasks.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: login to server only via SSH (disallow all other users / groups to login)

TH: เข้าสู่ระบบเซิร์ฟเวอร์ผ่าน SSH เท่านั้น (ไม่อนุญาตให้ผู้ใช้ / กลุ่มอื่นเข้าสู่ระบบ)

RO: conectați-vă la server numai prin SSH (nu permiteți tuturor celorlalți utilizatori/grupuri să se autentifice)

RU: вход на сервер только через SSH (запретить вход всем остальным пользователям/группам)

VI: chỉ đăng nhập vào máy chủ qua SSH (không cho phép tất cả người dùng/nhóm khác đăng nhập)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.