OpenSSH authentication vulnerability

in #ssh · 5 years ago

By default, OpenSSH (at least 7.2p2, as shipped in for example Ubuntu 16.04) does not treat a login shell of /bin/false as a reason to refuse a connection, even though setting that shell is widely assumed to disable all remote access to the account. sshd only runs the login shell when the client asks for a session; /bin/false then exits at once, but a client that asks for port forwarding alone (ssh -N) never needs a shell and is served normally. People have suggested instead putting an exclamation mark (!) in the user's password hash field in /etc/shadow, which is an invalid hash and is what passwd -l writes, rather than an asterisk (*) or the hash of an empty password. Note that both ! and * are invalid hashes and both block password authentication; only an empty field or a real hash lets a password through.

Because /bin/false is not honoured, an attacker who obtains or guesses the password of a system daemon account can authenticate as it and open SSH tunnels through the server, masquerading their real IP address and getting the hijacked server(s) listed on various spam blacklists.

If all normal users have public-key (or certificate) authentication enabled, password authentication can be disabled in the sshd configuration (PasswordAuthentication no), but this should only be used as a last resort. A narrower fix is to target the affected accounts with a Match User (or Match Group) block that sets PasswordAuthentication no and AllowTcpForwarding no, or to list them in DenyUsers, which closes the tunnel without touching how normal users authenticate.
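The check and the fix described above, as an added example that is not part of the original post: a POSIX shell script that reads passwd/shadow-style data, lists accounts whose shell is /bin/false or nologin but whose shadow hash field would still accept a password, and prints an sshd_config Match block for them. The account names and hashes are constructed for the example, and the set of Match directives emitted is an assumption about what you want to deny, not anything prescribed by OpenSSH.

```shell
#!/bin/sh
# Added example (not from the original post): audit a host for the situation
# described above, then print an sshd_config Match block that closes it.
# An account whose shell is /bin/false or nologin still accepts SSH logins
# that request no shell (e.g. "ssh -N -L ..."), so the only thing stopping a
# password login is the /etc/shadow hash field. A field starting with '*' or
# '!' (what "passwd -l" writes) can never match; an empty field or a real
# hash can.
#
# SAMPLE_PASSWD and SAMPLE_SHADOW are constructed for this example; the real
# files are read the same way (see the comment near the end).

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/false
svc:x:999:999:service:/var/lib/svc:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

SAMPLE_SHADOW='root:$6$salt$fakehash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
backup:!:18000:0:99999:7:::
svc:$6$salt$anotherfakehash:18000:0:99999:7:::
alice:$6$salt$thirdfakehash:18000:0:99999:7:::'

# is_usable_hash FIELD: succeed if a supplied password could match this field.
is_usable_hash() {
    case "$1" in
        '*'*|'!'*) return 1 ;;   # locked: no password can match
        *) return 0 ;;           # empty field or a real hash: password login possible
    esac
}

# audit_tunnel_accounts PASSWD_TEXT SHADOW_TEXT: print "user shell" for every
# account with a no-login shell whose shadow hash field is still usable.
audit_tunnel_accounts() {
    printf '%s\n' "$1" | while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in
            /bin/false|/usr/sbin/nologin|/sbin/nologin) ;;
            *) continue ;;
        esac
        field=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $2; exit }')
        if is_usable_hash "$field"; then
            printf '%s %s\n' "$user" "$shell"
        fi
    done
}

# emit_match_block USER[,USER...]: an sshd_config Match block (assumed set of
# directives) that removes password login and forwarding for the named accounts.
emit_match_block() {
    printf 'Match User %s\n' "$1"
    printf '    PasswordAuthentication no\n'
    printf '    AllowTcpForwarding no\n'
    printf '    PermitTunnel no\n'
    printf '    X11Forwarding no\n'
}

# Run on the constructed sample. On a real host use:
#   audit_tunnel_accounts "$(cat /etc/passwd)" "$(sudo cat /etc/shadow)"
flagged=$(audit_tunnel_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW" \
    | awk '{ u = u (u ? "," : "") $1 } END { print u }')
if [ -n "$flagged" ]; then
    emit_match_block "$flagged"
fi
```

On the sample data only svc is reported: daemon and backup have `*` and `!` fields and cannot authenticate with a password at all, while alice has an ordinary shell and is out of scope. Append the printed Match block to the end of sshd_config (Match blocks must come last) and reload sshd; the per-account restriction leaves PasswordAuthentication for everyone else as it was.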
