On Fri, Aug 14, 2009 at 07:05:15AM +1000, Erik de Castro Lopo wrote: > Jim Donovan wrote: > > > I had port 22 open for a few hours yesterday but closed it when I > > noticed the following. > > An open port 22 can be made safe. There are numerous articles available > on the net like the following: > > http://www.linuxjournal.com/article/8759 > http://www.debian-administration.org/articles/573 > > For the particular issue you had, probably the best option is to use > the AllowGroups option in sshd_config to restrict ssh access to users > of a specific group. On my machine I have > > AllowGroups sshlogin > > and then add any specific users to that group. > > Running SSH on a non standard port also helps.
These are both good suggestions. If you like, you can do a similar thing for many services (not just ssh) with pam_access. BTW, I know where 'thx1138' comes from - it's one of George Lucas's first movies. Probably a fave amongst computer people. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
