In some cases, it will be reasonable to stop and disable the SSH server to reduce the attack surface of the host running the ICG.

WARNING Stop/disable the SSH server only if a) your virtualization solution grants you remote access to the console of the machine running the ICG, and if you b) do not need to copy files from/to this machine using SCP. If your virtualization solution does not offer remote access to the ICG's console, disabling the SSH server will result in locking yourself out of the machine, and you will need access to the physical server to re-enable an SSH server.

To stop and disable the SSH server, proceed as follows:

  1. Open a terminal.
  2. Become root.
  3. Issue the following commands:
    • systemctl stop ssh
    • systemctl disable ssh