Re: OT: New article: Let's block cracker using denyhosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2006-30-03 at 09:56 -0600, Jason L Tibbitts III wrote:
> I have a few comments about the article.  (I package denyhosts for
> Fedora Extras.)
> 
> You install it via yum, and at that point it is actually configured.
> A proper config file is already in /etc/denyhosts.cfg, although you
> can of course tweak it.  And there's no need to copy anything into
> /etc/init.d, because it's already set up.
> 
> So the procedure is just:
> 
> yum install denyhosts
> (edit /etc/denyhosts.cfg to your liking)
> chkconfig denyhosts on
> service denyhosts start
> 
> If you prefer to run denyhosts from cron instead of as a daemon, you
> can edit /etc/sysconfig/denyhosts and follow the instructions there.
> Other info related to the Fedora package is in
> /usr/share/doc/denyhosts*/README.fedora

Another quick trick that helps is to add a line to the bottom of :
/etc/ssh/sshd_config

AllowGroups staff

Assign only users allowed to use ssh to group staff. This makes any 
user not in group staff appear to have an invalid password whether 
or not it is. Of course you can use any group you want, this just 
happens to be the one I use to allow ssh on my servers. The other 
part is ensuring all users in group staff have _*GOOD*_ passwords.

I believe you can also disable ssh-agent and manually assign the 
public keys to .ssh/known_hosts . I don't use this anymore it was 
a PITA.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux