> /etc/ssh/sshd_config:
>
> PermitRootLogin no
>
> You will have to login as ordinary user, and than do "su -".
That's not so convenient for doing nightly rsync backups over ssh though.
I know what keys to expect coming in for this - hence the question about
disallowing password login for root, but still allowing root login with
known keys.
> Use tcpwrappers to limit users and IP addresses:
>
> /etc/hosts.allow:
>
> sshd: [EMAIL PROTECTED]
Currently I have not seen attacks on normal user accounts and don't feel
the tradeoff of limiting normal users (who are all trusted in my case) is
worth the hassle. Obviously this might not be true any more in the
future.
Thanks,
Dale
--
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
[EMAIL PROTECTED]
http://www.cliftonlabs.com
pgp key available
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
