ssh2... any reason to keep?

jlpeifer

Upon reviewing brute force logon attempts to my DA server I notice a good number that reference 'ssh2'.

Example...
Code:
Feb 1 11:21:26 hosting sshd[32131]: Failed password for root from 114.233.51.216 port 56562 ssh2

I'm not highly proficient with Linux, so I'm making the assumption that this is referring to the PHP extension SSH2 (please tell me if I'm wrong). I've done some research on this extension and understand that "The SSH2 extension provides functions for accessing remote machines using the secure SSH and SFTP protocols".

To the very best of my knowledge, I don't use PHP to initiate or respond to SSH or SFTP requests. So.....
  1. Why is this extension needed?
  2. Is it a security risk?
 
Not related to php. If you want to secure your server you need to research using ssh keys and then once you have that working disable password authentication.
 
Thanks @floyd. Prior to posting my question I had disabled password-based SSH logins for 'root' (now can only log in as root via SSH with certs). This was tested successfully. I did not disable SSH password authentication completely because it would cause difficulties for my users/customers.

Is the fact that I didn't entirely disable password-based logins the reason why my server is still pseudo-entertaining password-based logins for the 'root' account?

Specifically, in /etc/ssh/sshd_config I changed...
PermitRootLogin yes

to...
PermitRootLogin prohibit-password

Then restarted the sshd service.
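
Added example (not part of the thread and not posted by any participant): a small parser for sshd "Failed password" lines like the one quoted above, which summarises attempts per source IP and per user and shows that the trailing `ssh2` is the SSH protocol-version field sshd writes on the line. Only the first sample line comes from the thread; the other lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# The final token (ssh2) is the SSH protocol version logged by sshd, not a PHP
# extension. The user field is matched greedily so that a user name containing
# " from <ip> port <n> ssh2" cannot shift the real source-IP field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+) (?P<proto>ssh\d?)\s*$"
)

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Feb 1 11:21:26 hosting sshd[32131]: Failed password for root from 114.233.51.216 port 56562 ssh2
Feb 1 11:21:29 hosting sshd[32131]: Failed password for root from 114.233.51.216 port 56562 ssh2
Feb 1 11:22:02 hosting sshd[32140]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Feb 1 11:23:10 hosting sshd[32155]: Accepted publickey for root from 198.51.100.4 port 50222 ssh2: RSA SHA256:constructed
Feb 1 11:23:40 hosting sshd[32160]: Failed password for alice from 203.0.113.7 port 40190 ssh2
"""

def parse_failures(text):
    """Return one dict per failed-password line; other sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            ev = m.groupdict()
            ev["invalid"] = bool(ev["invalid"])  # True if sshd logged "invalid user"
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per source IP and per (user, logged-as-invalid) pair."""
    by_ip = Counter(e["ip"] for e in events)
    by_user = Counter((e["user"], e["invalid"]) for e in events)
    protocols = {e["proto"] for e in events}
    return by_ip, by_user, protocols

if __name__ == "__main__":
    by_ip, by_user, protocols = summarize(parse_failures(SAMPLE_LOG))
    for ip, n in by_ip.most_common():
        print(f"{n:3d} failed passwords from {ip}")
    for (user, invalid), n in by_user.most_common():
        print(f"{n:3d} for {user}{' (invalid user)' if invalid else ''}")
    print("protocol field values:", sorted(protocols))
```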
 