> /etc/ssh/sshd_config: > > PermitRootLogin no > > You will have to login as ordinary user, and than do "su -".
That's not so convenient for doing nightly rsync backups over ssh though. I know what keys to expect coming in for this - hence the question about disallowing password login for root, but still allowing root login with known keys. > Use tcpwrappers to limit users and IP addresses: > > /etc/hosts.allow: > > sshd: [EMAIL PROTECTED] Currently I have not seen attacks on normal user accounts and don't feel the tradeoff of limiting normal users (who are all trusted in my case) is worth the hassle. Obviously this might not be true any more in the future. Thanks, Dale -- Dale E. Martin, Clifton Labs, Inc. Senior Computer Engineer [EMAIL PROTECTED] http://www.cliftonlabs.com pgp key available -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]