Disable direct access to the terminal on the rented server

Almost every reader has rented a virtual dedicated server (VPS) at least once. It's simple and quite cheap: for a personal blog, game server, educational purposes, and so on.





It happens that on such a server you need to store sensitive information: cryptographic keys, personal and corporate correspondence, and the like. The main preventive protection tool is disk encryption, which will prevent information leakage if a virtual machine dump falls into the hands of an attacker. In this article, we will consider disabling direct access to the terminal emulator, which will allow you to connect to the server exclusively via ssh, and all unscrupulous hosters will see a cute cat with a rainbow.





The example uses a Debian system with systemd. The main task is to disable the services responsible for initializing the terminal: systemd-logind and getty.





Disable getty on tty1: systemctl disable getty@tty1



Disable getty-static as well: systemctl disable getty-static





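Even then, on the hoster's VNC console, pressing Ctrl+Alt+F2 switches to another virtual terminal, where systemd-logind starts a getty on demand. To prevent this, edit /etc/systemd/logind.conf: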





[Login]
NAutoVTs=0
ReserveVT=0
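
An added check, not part of the original article: it reads the effective NAutoVTs and ReserveVT values from the [Login] section and reports the state of the two getty units. It assumes drop-ins in /etc/systemd/logind.conf.d/ are read after the main file and override it, and that both keys default to 6 when unset; the function names are hypothetical.

```shell
#!/bin/sh
# Effective value of a [Login] key. Files are given in precedence order
# (main file first, drop-ins after); the last assignment found wins.
# usage: logind_value KEY DEFAULT FILE...
logind_value() {
    key=$1; value=$2; shift 2
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -v k="$key" '
            /^[ \t]*[#;]/ { next }                      # comment line
            /^[ \t]*\[/   { in_login = ($0 ~ /^[ \t]*\[Login\][ \t]*$/); next }
            in_login {
                split($0, kv, "="); gsub(/[ \t]/, "", kv[1])
                if (kv[1] == k) {
                    val = $0
                    sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                    found = 1
                }
            }
            END { if (found) print val }' "$f")
        [ -n "$v" ] && value=$v
    done
    printf '%s\n' "$value"
}

# Succeeds only when logind neither auto-spawns nor reserves a VT.
# 6 is the systemd default for both keys when they are unset.
console_locked_down() {
    [ "$(logind_value NAutoVTs 6 "$@")" = 0 ] &&
    [ "$(logind_value ReserveVT 6 "$@")" = 0 ]
}

# Report for the local machine; the drop-in directory is an assumption,
# the article itself only edits /etc/systemd/logind.conf.
if command -v systemctl >/dev/null 2>&1; then
    for u in getty@tty1.service getty-static.service; do
        printf '%s: %s\n' "$u" "$(systemctl is-enabled "$u" 2>/dev/null || true)"
    done
fi
if console_locked_down /etc/systemd/logind.conf /etc/systemd/logind.conf.d/*.conf; then
    echo "logind: no VT is spawned or reserved"
else
    echo "logind: VTs can still be spawned (check drop-ins)"
fi
```
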
      
      



The server is now reachable only via ssh. Instead of a terminal, the console will show Nyan cat.





Install it: apt-get install nyancat



Create the unit file:





nano /etc/systemd/system/nyancat-tty.service







[Unit]
Description=nyancat on tty1
After=graphical.target

[Service]
Type=simple
ExecStartPre=/bin/sleep 5
ExecStart=/usr/bin/nyancat -snI
ExecStop=/bin/kill -HUP ${MAINPID}
StandardInput=tty
StandardOutput=tty
TTYPath=/dev/tty1
Restart=always
RestartSec=2

[Install]
WantedBy=graphical.target
      
      



Enable the service: systemctl enable nyancat-tty.service







. , ssh .





R4SAS .







