On Sat, 2004-07-31 at 00:12 -0700, Michael wrote: > People seem to be going through great efforts to counter something that > isn't all that uncommon. Sometimes the simplest things are left out of the > discussion. Why hasn't anybody said anything about disableing root logons > via ssh? (isn't this pretty much standard proceedure to public systems?) Exactly... Don't enable remote login for anyone who doesn't need it. On all my systems I create a "remote" group and add only those users who are responsible enough to have shell access. Then in /etc/ssh/sshd_config I add the following: PermitRootLogin no AllowGroups remote On critical systems I use only SSH keys: PasswordAuthentication no Many people seem to think that SSH magically makes their systems safe from intrusion. Without requiring keys SSH is as insecure as the least secure service on the machine. -- David Norris http://www.webaugur.com/dave/ ICQ - 412039
Attachment:
signature.asc
Description: This is a digitally signed message part
