Best way to disable SSH for all users?

Question

For security reasons I want to turn off SSH when I don't use it and turn it on again via a VNC connection as I can connect to my web server remotely over the Digitalocean control panel's console instead, and turn on SSH that way.

Is below the best way of doing it?

sudo stop ssh
sudo ufw deny 22

And turn on SSH via VNC

sudo ufw allow 22/tcp
sudo start ssh

Or should I use any of the below variants?

sudo service ssh stop
sudo systemctl stop ssh
sudo /etc/init.d/ssh stop

I'm on a UBUNTU 16.04 LTS server. And I want to disable SSH for all users, not only for root.

I'm not sure I understand your rationale here - AFAIK VNC is *much* less secure than SSH (unless the VNC is tunneled... over SSH) — steeldriver, Feb 06 '17 at 02:17
@muru It was only here I got a relevant answer though... by Serge — Gabriel, Feb 06 '17 at 14:47

Sergiy Kolodyazhnyy · Answer 1 · 2020-04-13T06:53:30.730

Ubuntu 16.04 LTS uses systemd, which means you want systemctl.

To prevent the service from starting automatically at boot time, use

sudo systemctl disable ssh.service

To stop currently running one, use

sudo systemctl stop ssh.service

and

sudo systemctl start ssh.service

Note that this stops ssh server. You can still use ssh client to connect to remote hosts, but with ssh server disabled remote connections destined to your machine will be disabled

If you want to completely disable the service/unit, use

sudo systemctl mask ssh.service

The above makes systemd unit files a symlink to /dev/null, so any start attempts will fail

Best way to disable SSH for all users?

1 Answers1