-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 joe wrote: > > joe wrote: >> Richard Creighton wrote:
>> I prefer a more simple approach. Rather than adding more firewall rules, I >> set >> the sshd allowed_users parameter to the 2 accounts that actually have a >> reason to log in, and I also limit the IP addresses which will accept an ssh >> connection using tcp wrappers (hosts.allow, hosts.deny). > > typo/thinko - I meant, limit the addresses *from* which it will accept an ssh > connection using tcp wrappers. Also, as one poster mentioned, using keys > instead of passwords is another handy ssh trick, along with reducing the max > failed attempts and grace period for ssh logins. > > Joe A small point, for small setups the pam_access.so module is probably simpler to use than tcp wrappers. (but of course this depends on ones definition of simple :-) ). - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGm6jGasN0sSnLmgIRAlBNAJ4zzkdiKfhl1ebN6rTJYrcsqdElSwCeNoJl +Q8P2oajTRx6FwLykjtMcek= =aB/l -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]