Instead of using ssh to remotely log in to a cluster node, it is recommended
to use oc debug
The sshd service can be disabled with the following manifest:
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: master
name: 75-master-sshd-disable
spec:
config:
ignition:
version: 3.1.0
systemd:
units:
- enabled: false
name: sshd.service
This will disable the sshd service in all the
nodes labeled with the "master" role.
Note that this needs to be done for each MachineConfigPool
For more information on how to configure nodes with the Machine Config
Operator see
the relevant documentation.