Requiring SSH
For SSH to be truly effective in protecting your network connections, stop using all insecure connection protocols, such as telnet and rsh. Otherwise, a user's password may be protected using ssh on one day only to be captured when they log in the next day using telnet.
To disable insecure connection methods to your system, use serviceconf or chkconfig to make sure that these services do not start up with the system. To use serviceconf to configure services that start at runlevels 2, 3, and 5, type the command:
/usr/sbin/serviceconf 235Within serviceconf, you can disable services from starting up by deselecting them. The [Spacebar] toggles a service between being active or inactive. At a minimum, you should deselect telnet, rsh, ftp, and rlogin. When finished, select the OK button to save your serviceconf changes. See the serviceconf man page for additional assistance using this utility.
Changes made to with serviceconf will not take affect until either the system is restarted or changes runlevels. If you disabled services used with xinetd, restart xinetd. By default, rlogin, rsh, and telnet are controlled by xinetd. To restart xinetd, type:
/sbin/service xinetd restartFor services not used with xinetd, stop them manually unless you are restart your system after using serviceconf. To stop a service, you will probably use a command such as:
/sbin/service service-name stopAfter restarting xinetd and stopping any other services you have configured not to start up automatically, disabled connection methods will no longer be accepted by your system. If you disable all remote connection methods other than the sshd service daemon, users will have to use an SSH client application to connect to the server.