
This is correct. The tip about disabling SSH isn't about security, it's just about quickly highlighting areas where you're not automated.

When developing an application, for example, it's often necessary to SSH in to play with some things. But once you're ready to go to production, you want as much automation as possible. Forcing yourself to not use SSH will quickly show you where you aren't automated.




What if my automation tool uses SSH (i.e., Ansible)?


Someone else pointed this out too. The goal of the tip is really to stop users SSHing in just to fix that one little thing, so you could still allow your automation frameworks SSH access and just disable it for users (the idea is to disable it in the firewall, not to turn off SSH on your server; that way you can still use it for emergencies). The idea worked well for me, but obviously isn't for everyone, YMMV.


Thanks. I'm a fan of automation but respectfully disagree with this (see my response above for details).


Perfectly valid. This particular tip certainly seems to have caused some great discussion! It worked for my particular case, but I can definitely see it not working for everyone.

I've added a link to this thread to my tip, and expanded on it a little to warn people that it's not for everyone.


Thanks for the reply here and above! Good discussion indeed.



