Difference between ssh and sshd

May 18, 2017 104 views
Security Ubuntu 16.04

I'm trying to secure my environment to possible intruders and i'm wondering what is the difference between ssh and sshd. I've already disabled clear text passwords and i'd like to know if i can turn off sshd? Or will that stop me from logging in myself. Thanks.

1 Answer
jtittle May 18, 2017
Accepted Answer

@ariziragoran

The client is ssh, the daemon is sshd.

If you disable sshd, you won't be able to login remotely, so you'd effectively be locked out of the server. You're only means of logging in at that point would be via console, though console doesn't accept SSH Keys -- only passwords, so you'd essentially lock yourself out of console as well.

sshd is what listens for an incoming connection -- i.e. when you attempt to connect via SSH from your local PC/Mac/Laptop/etc.

If you disable ssh, you won't be able to use SSH to connect to other machines (such as in the event you need to copy files from one server to another).

  • So i do need sshd, do you recommend changing the port from 22 to something else? I've read a lot for it and against it and i'm not really sure. But i've created my server yesterday and i'm getting spammed with constant fail2ban emails about unauthorized attempts to log in :(

    • @ariziragoran

      If you disable sshd, you won't be able to login to your Droplet, so you need to keep it up and running. Port 22 is the default SSH port, thus it's well-known and commonly a target. You're free to change the listening port, though it won't stop someone who's persistent.

      There are plenty of tools online that one could use to scan for open ports, so even if 22 is closed off, a port scan would most likely reveal that another port is open, which they can then target.

      The only way around this would be to firewall off the port and limit it's access to a certain IP or IP range. If you have a dynamic IP, you'd need to setup a VPN that will allow you to have a static IP, otherwise you'd end up locking yourself out the moment your ISP changes your IP.

      Using the firewall to block access by IP will ensure that connection attempts from any IP that isn't white listed will fail.

Have another answer? Share your knowledge.