Re: ssh and root logins

2004-08-11 Thread Paul Hink
Russell Coker <[EMAIL PROTECTED]> wrote: > Ideally we would be able to specify a list of acceptable IP addresses > for each account, both in a central file and in per-user config > files. It would be really great if someone would write code to do > this! It is already possible to specify such a

Re: ssh and root logins

2004-08-10 Thread Andreas Barth
* Stephen Gran ([EMAIL PROTECTED]) [040810 17:40]: > This one time, at band camp, Bernard Blackham said: > > This lets the backup key *only* run rsync in server mode. I > > /believe/ this means that (short of finding a buffer overflow in > > rsync) logins with this ssh key will only be able to read

Re: ssh and root logins

2004-08-10 Thread Stephen Gran
This one time, at band camp, Stephen Gran said: > This one time, at band camp, Bernard Blackham said: > > This lets the backup key *only* run rsync in server mode. I > > /believe/ this means that (short of finding a buffer overflow in > > rsync) logins with this ssh key will only be able to read fi

Re: ssh and root logins

2004-08-10 Thread Stephen Gran
This one time, at band camp, Bernard Blackham said: > This lets the backup key *only* run rsync in server mode. I > /believe/ this means that (short of finding a buffer overflow in > rsync) logins with this ssh key will only be able to read files, and > not be able to change anything. Though if any

Re: ssh and root logins

2004-08-10 Thread Bernard Blackham
On Tue, Aug 10, 2004 at 09:31:38AM -0400, Dale E Martin wrote: > > PermitRootLogin no > > > > You will have to login as ordinary user, and then do "su -". > > That's not so convenient for doing nightly rsync backups over ssh though. > I know what keys to expect coming in for this - hence the ques

Re: ssh and root logins

2004-08-10 Thread Brett Parker
On Tue, Aug 10, 2004 at 09:38:16AM -0400, Dale E Martin wrote: > > Would it work to disable all ssh password logins and only allow logins with > > the proper private key? > > I'm not sure, I'd have to check with my Windows users who do CVS checkouts > via ssh and see if their clients would supp

Re: ssh and root logins

2004-08-10 Thread Andreas John
Russell Coker wrote: On Tue, 10 Aug 2004 20:52, Dale E Martin <[EMAIL PROTECTED]> wrote: I've noticed a fair number of attempted root logins on my various boxes Same here. Also attempted logins to "test", "admin", and some other accounts. ^ ^ ^ ^ ^ ^ ^ ^^ Uh

Re: ssh and root logins

2004-08-10 Thread Dale E Martin
> Well, hows about the following (straight from man sshd_config)... Doh! (Slapping forehead!) > PermitRootLogin without-password > > Which basically means "allow root to login, but with key exchange only". > > Funky, innit. I read the manpage and I noted the "forced-commands-only", somehow I

Re: ssh and root logins

2004-08-10 Thread Andreas John
Hey Mark! Are you looking for PermitRootLogin without-password instead of PermitRootLogin yes in /etc/ssh/sshd_config ? Mark Bucciarelli wrote: On Tuesday 10 August 2004 10:52, Dale E Martin wrote: Anyways, I would like to disable password logins for root on several of my boxes but allow root to c

Re: ssh and root logins

2004-08-10 Thread Dale E Martin
> Would it work to disable all ssh password logins and only allow logins with > the proper private key? I'm not sure, I'd have to check with my Windows users who do CVS checkouts via ssh and see if their clients would support that. I suppose it might work. I'd still like to see a way to speci

Re: ssh and root logins

2004-08-10 Thread Dale E Martin
> /etc/ssh/sshd_config: > > PermitRootLogin no > > You will have to login as ordinary user, and then do "su -". That's not so convenient for doing nightly rsync backups over ssh though. I know what keys to expect coming in for this - hence the question about disallowing password login for root,

Re: ssh and root logins

2004-08-10 Thread Fraser Campbell
On August 10, 2004 08:30 am, Shannon R. wrote: > i only have 1 important box yet i'm getting the same > thing also. > > by the way, won't leaving only "console" in > /etc/securetty disallow remote root logins? i did it > and my box still accepts remote root logins. any ideas > why? Because ssh do

Re: ssh and root logins

2004-08-10 Thread Aco Dmitrović
Dale E Martin wrote: Anyways, I would like to disable password logins for root /etc/ssh/sshd_config: PermitRootLogin no You will have to login as ordinary user, and then do "su -". Use tcpwrappers to limit users and IP addresses: /etc/hosts.allow: sshd: [EMAIL PROTECTED] but it works only if sshd i

Re: ssh and root logins

2004-08-10 Thread Russell Coker
On Tue, 10 Aug 2004 23:02, Mark Bucciarelli <[EMAIL PROTECTED]> wrote: > On Tuesday 10 August 2004 10:52, Dale E Martin wrote: > > Anyways, I would like to disable password logins for root on several of > > my boxes but allow root to come in from known IPs and with known ssh > > keys. Is there a w

Re: ssh and root logins

2004-08-10 Thread Mark Bucciarelli
On Tuesday 10 August 2004 10:52, Dale E Martin wrote: > Anyways, I would like to disable password logins for root on several of > my boxes but allow root to come in from known IPs and with known ssh > keys. Is there a way to disable password logins for root in sshd_config > or root/.ssh/config, w

Re: ssh and root logins

2004-08-10 Thread Dale E Martin
> by the way, won't leaving only "console" in /etc/securetty disallow > remote root logins? i did it and my box still accepts remote root > logins. any ideas why? I don't know why that doesn't work but if you want to totally disable ssh login for root put "PermitRootLogin no" in /etc/ssh/sshd_conf

Re: ssh and root logins

2004-08-10 Thread Shannon R.
> I've noticed a fair number of attempted root > logins on my various boxes > i only have 1 important box yet i'm getting the same thing also. by the way, won't leaving only "console" in /etc/securetty disallow remote root logins? i did it and my box still accepts remote root logins. any ideas w

Re: ssh and root logins

2004-08-10 Thread Russell Coker
On Tue, 10 Aug 2004 20:52, Dale E Martin <[EMAIL PROTECTED]> wrote: > I've noticed a fair number of attempted root logins on my various boxes Same here. Also attempted logins to "test", "admin", and some other accounts. > over the last few weeks. I don't know if there is a new ssh vulnerability