For establishing a remote connection one must have to enable our OpenSSH server but once we disconnect our connection,is it necessary to stop the SSH service?
For establishing a remote connection one must have to enable our OpenSSH server but once we disconnect our connection,is it necessary to stop the SSH service?
If you're asking if the service will stop running by itself once the last connection has been closed, the answer is no, it won't. But that doesn't necessarily mean you should stop the service; in most uses cases, you would keep it running.
It's not generally necessary to stop
sshd
(the OpenSSH service) when there are no connections, and people don't usually do that. Or, to be more precise: so long as it was reasonable to runsshd
in the first place, it is typically reasonable to run it even when no one is connected, so long as doing so is actually helping you in some way. Typically, that help takes the form of much-increased convenience, because you don't always know when someone will need to connect, and there may not always be someone physically present to start the service.Accepting SSH connections has security implications. For example, if someone has a weak password (or a password of any strength that is used somewhere else, where there is then a data breach) and password-based authentication is enabled, then someone unauthorized could gain access to your machine. That's one example, but there are other scenarios, such as the occasional security vulnerability that is found in OpenSSH.
The longer an SSH server is accessible, the more likely something will go wrong. But the likelihood is very low in the first place, at least so long as you follow good security practices. Assuming it was a sound decision to run your SSH server at all, it is probably also fine to keep it running, provided that doing so provides value to you.
If nobody needs to be able to SSH into the machine for quite a while, then you might consider disabling the service, or even uninstalling the
openssh-server
package. If there's no reason to run an SSH server, don't run it. But the pattern of forcing legitimate users to (for example) call you to arrange for you to go to the machine and enable the SSH server is not likely to be a good trade-off, from a security perspective or otherwise.Don't run the server if it doesn't provide any value to you (or doesn't anymore). If it only has to be used on a LAN or WAN, rather than being accessible directly from the public Internet, then configure your router or firewall accordingly. Use a supported release of Ubuntu (for users who find this by searching the web: of whatever OS you're running) and make sure to keep it up to date; at minimum, this means installing security updates as they become available. Don't give people who have no business using the machine accounts on it, and implement reasonable measures for physical security. Instruct users about basic security practices including the use of good passwords, and strongly consider disabling password-based authentication for SSH (thereby requiring key-based authentication which is generally more secure).