When you disable SSH access in Webuzo, it only updates Webuzo’s own internal database and user access control, mainly for user-level restrictions. It does not disable the actual system-wide SSH service (sshd) running on your server.
As long as the SSH daemon (sshd) is active at the OS level, SSH connections will still be allowed — especially for root or system users.
✅ How to Properly Disable SSH Server-Wide (Block SSH Completely)
If you truly want no one (even root) to connect over SSH:
🔹 1. Stop the SSH service manually
systemctl stop sshd
or sometimes on some distros:
systemctl stop ssh
🔹 2. Disable SSH service at boot
systemctl disable sshd
or
systemctl disable ssh
✅ Now after reboot, SSH won’t start automatically.
🔹 3. Block SSH port in firewall (optional but better)
If you want to be extra sure, block incoming traffic on port 22 (or your custom SSH port) in CSF:
csf -d 0.0.0.0/0 22
or update /etc/csf/csf.conf:
TCP_IN = "Remove 22"
TCP_OUT = "Remove 22"
Then restart CSF:
csf -r
⚠️ Important Warning:
If you do this, you will completely lose remote access unless you have console/NoVNC/emergency access from your hosting provider!
💡 Recommended Safer Way Instead of Fully Disabling SSH
- Allow SSH only from specific IPs (your office/home IP)
- Use CSF to restrict SSH to your own IP
Example:
csf -a your.public.ip.address
and close SSH port for everyone else.
✅ This way SSH remains available only for trusted devices.
📋 Quick Summary
| Action | What Happens |
|---|---|
| Disable SSH from Webuzo panel | Blocks normal users in Webuzo, but root still has SSH |
| Stop SSH service manually | Stops all SSH access |
| Disable SSH on boot | Prevents SSH after reboot |
| Firewall port block | Total lockout of SSH traffic |
⚡ Need Safer Server Security Setup?
👉 Servers9 VPS and Dedicated servers
Preconfigured with CSF, SSH access protection, Fail2Ban, and optional SSH key-only login.