Advisable to disable SSH when not using it?

[bbb0777]

That's all: I occasionally (on my RT-AC68u) do something with Putty, and will enable SSH/allow SSH password login. When I'm finished, I'll disable it.

Am I being prudent, or wasting time? Is it advisable to disable it each time, or just a pointless inconvenience?

 

[RMerlin]

I think it's a bit overkill. SSH is far less likely of being exploited or compromised than the web interface itself, which is always available anyway.

 

[AdvHomeServer]

I would consider it if is exposed to the internet and not just for internal use only. I was once rather lackadaisical about that until I looked at a Netgear router log for a new router. uPnP was on and lots of ports from my QNAP device were apparently exposed to the internet. Some inquisitive Chinese hackers were going up and down some QNAP ports (22 especially) looking for an open session. I don't know how they found me; maybe from a list of Comcast customer IP addresses.

I turned off plug and play on the router. I also made my QNAP passwords more complicated. They didn't get anything but It got my attention.