2014-01-28 Joe <j...@jretrading.com> > On Mon, 27 Jan 2014 23:51:01 -0800 > Jon Danniken <danni...@q.com> wrote: > > > On 01/27/2014 09:41 PM, Scott Ferguson wrote: > > > > > > Keep updated, subscribe to the security list, read and follow the > > > fine manual:- > > > https://www.debian.org/doc/manuals/securing-debian-howto/ > > > > Thanks Scott, that's just what I was looking for. > > > > And so was Raffaele's reply. If you will be using ssh from outside, set > up keys and disable the use of passwords. Use a good password or phrase > on the private key, and keep it on a USB stick away from the laptop. > Laptops are easy to lose. If you need to use Windows, then make the > keys in puTTY, because as far as I know, puTTY still can't use OpenSSH > private keys but can make public ones. >
Also AllowUsers directive in sshd_config should be set because If a user is not listed in there, login attempts stop suddenly at [preauth] level and you can use the form user@domain to futher restrict access.