On Thu, Oct 14, 2004 at 10:18:13AM -0600, Rodolfo J. Paiz wrote: > On Thu, 2004-10-14 at 17:06 +0200, Alexander Dalloz wrote: > > You don't need to modify the SSH PAM module to restrict SSH connects for > > specific accounts. That has been said before in this thread -> man > > sshd_config --> AllowUsers + AllowGroups > > > > Also remember to disable SSH protocol version 1, which is inherently > insecure. Your /etc/ssh/sshd_config file probably has "Protocol 2,1" in > it somewhere. Simply change that line to say "Protocol 2". Some folks with longish memories will recall that ssh had a bug some time back. That bug made rsh more secure than ssh. It is important to know how to turn on an alternative and test it in advance (test then disable). During the time it takes to distribute a bug fix something different an alternative might be needed. Also -- no one mentioned BACKUPS.... Also consider the chicken and egg risk of reinstalling software on a system that has been rootkited. The flaw might be in the base distribution. If you reinstall the base system from scratch you need to patch it prior to exposing it on the net. However, you might need to put that same box on the net to download the necessary fix. If the bug is in an unneeded service you can update without exposure to the old risk by not enabling it. But we do not know what we do not know. -- T o m M i t c h e l l May your cup runneth over with goodness and mercy and may your buffers never overflow.