[SOLVED] how to disable ssh server permanently?

wang · 03-07-2011, 10:58 PM

Hi,
now i want to disable my ssh server "permanently",which means it won't run unless i start it after i login.that is,it is disabled at boot time by default.
i have asked a similar question before,but i still have some confusions.
Say that now the ssh server is running.my system is ubuntu 10.04.
1:

Code:

nuli@nuli-laptop:~$ sudo netstat -lntpu
[sudo] password for nuli: 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      888/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1334/cupsd      
tcp6       0      0 :::22                   :::*                    LISTEN      888/sshd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1334/cupsd      
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1206/dhclient   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           992/avahi-daemon: r
udp        0      0 0.0.0.0:60143           0.0.0.0:*                           992/avahi-daemon: r

then,

Code:

nuli@nuli-laptop:~$ sudo /etc/init.d/ssh stop
 * Stopping OpenBSD Secure Shell server sshd                             [ OK ] 
nuli@nuli-laptop:~$

but still,

Code:

nuli@nuli-laptop:~$ sudo netstat -lntpu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2751/sshd       
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1334/cupsd      
tcp6       0      0 :::22                   :::*                    LISTEN      2751/sshd       
tcp6       0      0 ::1:631                 :::*                    LISTEN      1334/cupsd      
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1206/dhclient   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           992/avahi-daemon: r
udp        0      0 0.0.0.0:60143           0.0.0.0:*                           992/avahi-daemon: r

why doesn't "/etc/init.d/ssh stop" work?
2

continue)

Code:

nuli@nuli-laptop:~$ sudo service ssh stop
ssh stop/waiting
nuli@nuli-laptop:~$ sudo netstat -lntpu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1334/cupsd      
tcp6       0      0 ::1:631                 :::*                    LISTEN      1334/cupsd      
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1206/dhclient   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           992/avahi-daemon: r
udp        0      0 0.0.0.0:60143           0.0.0.0:*                           992/avahi-daemon: r

now "service ssh stop" works,but it only effects till next boot.
3

continue)

Code:

nuli@nuli-laptop:~$ sudo update-rc.d ssh default
update-rc.d: warning: ssh start runlevel arguments (none) do not match LSB Default-Start values (2 3 4 5)
usage: update-rc.d [-n] [-f] <basename> remove
       update-rc.d [-n] <basename> defaults [NN | SS KK]
       update-rc.d [-n] <basename> start|stop NN runlvl [runlvl] [...] .
       update-rc.d [-n] <basename> disable|enable [S|2|3|4|5]
		-n: not really
		-f: force

The disable|enable API is not stable and might change in the future.

the shell gives me a warning:do not match LSB Default-Start values,this API is not stable and ...
what does this mean? still it can't disable the server "permanently",ethier.
what on earth should i do to solve this ?
thanks for any help!

vishnu_sreekumar · 03-08-2011, 12:12 AM

can you try

sudo update-rc.d ssh disable 2 3 4 5

wang · 03-08-2011, 07:59 AM

apparently,it does't work.any other suggestions?

michaelk · 03-08-2011, 08:05 AM

Use the remove option.
http://www.tin.org/bin/man.cgi?secti...ic=update-rc.d

wang · 03-08-2011, 08:37 AM

seems do not work,thanks,anyway.
Do not other Ubuntu users have this problem?
what do you do to solve it?

michaelk · 03-08-2011, 08:59 AM

My fault. The remove option will not work unless the script in /etc/init.d is deleted which is not what you want.
Use the stop option.

coolsreejith · 03-08-2011, 09:11 AM

i don't know if it works in ubuntu but in red hat based distros you can use the command

Quote:

chkconfig sshd off

to permanently turn off the service

szboardstretcher · 03-08-2011, 09:13 AM

Well,. you can "chkconfig sshd off" and "service sshd stop" to start.

Nylex · 03-08-2011, 10:38 AM

Quote:

Originally Posted by szboardstretcher

Well,. you can "chkconfig sshd off" and "service sshd stop" to start. Also, you could disable it in the kernel -- with a 'blacklist sshd' or whatever the module is called, maybe.

SSH isn't part of the kernel.

wang · 03-09-2011, 07:39 AM

all of your suggestions have been tried,but,to be frank,i am not satisfied with them."chkconfig" is a command in redhat/fedora,while i am using ubuntu.thanks for your help.

repo · 03-09-2011, 07:43 AM

see : man update-rc.d

Kind regards

wang · 03-09-2011, 08:01 AM

in fact,i have tried that.please forgive my folly,but can you be more explicit?since i am not so experienced like you.

repo · 03-09-2011, 08:03 AM

see post #6

Kind regards

Reuti · 03-09-2011, 08:04 AM

Ubuntu uses upstart in the latest release, while chkconfig is for another system startup method. I.e. in /etc/init should be a file sshd where the line with "start on ..." needs to be removed (or move the complete file to some other location).