On 09-06-14 09:50:23, Tom Horsley wrote: >I use the nifty (relatively) new "Match" sshd_config stuff to disable >root login (and any kind of simple password login for that matter) >from IP addresses outside my local network, so I can still ssh as root >easily inside my firewall, but if I'm coming from outside, I need the >proper long passphrase protected public key and can only login >as a normal user. I back up my remote servers using a customized script using rsync, so they all need and have ssh key access to root (PermitRootLogin without- password). As long as I have that set up, I figure that I might as well log in directly as root myself. I do have another layer of defense, using the iptables "recent" module, along with pam_recent to allow for repeated successful logins. I'm open to advice if this is not a good way to do it. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
