On Thu, 2004-10-14 at 10:40, Andrey Andreev wrote:
Wouter van Vliet wrote:
As for limiting ssh access only to those who need it, how would that be done and how can I restrict on IP and user? I've found this page http://doc.trustix.org/cgi-bin/trustixdoc.cgi?Restrict_SSH_Per_User which explains about allowing only certain users. It's cool. Now, what would be the user/ip combi approach?
I make my firewall do that.
That is good but having sshd restrict who can login in addition to the firewall gives you two lines of defense against someone. If they happen to get past the firewall then they have to get past your sshd configuration as well.
Good point, actually all the ones you make are good stuff. I was only referring to limiting IPs that could be used for SSH in my last post. That's obviously not a complete solution. Thanks for pointing that out.
//Andro
