The SSH Server module allows for configuration of the Secure Shell Daemon service in ClearOS.
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
You can customize the port, whether password authentication to SSH access is allowed, whether or not root is allowed to log in, and whether to allow for TCP forwarding.
Disabling root Login
The root account is the most sought after and the most common account to try and hack. Disabling root login lets you still log in as regular users but then requires those users to switch user (su) or use privilege escallation (sudo) for all root commands on the system. This is considered best practice and we highly recommend it.
You can give users SSH access using the Shell Extension app.
Changing the port is a good idea because hackers will know to try port 22 for SSH and it is typically the first place they try. If you change the port, be sure to select a port that is not in use by another protocol on the system. (Valid range theoretically range from 0-65535)
By turning off password authentication you tell your system that you will use key based authentication. This is typically considered stronger authentication than passwords.
TCP Forwarding allows you to use SSH as a gateway for other types of network traffic. It is a quasi-VPN and can make certain local traffic appear local to the machine attaching via SSH. If you are not using this, disable it.