David L Norris wrote:
On Thu, 2004-10-14 at 13:07 -0400, Scot L. Harris wrote:
In /etc/sshd/sshd_config you want to have the following lines:
PermitRootLogin no
AllowUsers selectusernames
You can also create a 'remote' group, add only those users who need remote access and then add this to sshd_config: AllowGroups remote
That way you can specify who can log in remotely via SSH with any of the user management tools. I think it would be nice if this was the default. FirstBoot could add the first normal user to the remote group automatically, for example.
I create an sshusers group for that: groupadd -g 101 sshusers
And I like your idea of it being an installation or firstboot configured default. When adding a non-root user in firstboot there could be a checkbox for allowing them ssh access which added them to the sshusers group.
Allowing only protocol 2, and not permitting root login, should also be default settings.
Chris
--
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
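Added example, not part of the original messages: a small audit of the three settings discussed in the thread (root login off, protocol 2 only, an AllowUsers or AllowGroups allowlist), run over a constructed sample config. The function names and the sample are assumptions made for illustration, and an unset Protocol is treated as a finding because the thread asks for it to be set explicitly.

```python
import re

# Constructed sample, not a config from the thread. sshd keeps the first
# value it reads for a keyword, so the later "permitrootlogin no" is ignored.
SAMPLE = """\
# constructed example
Protocol 2,1
PermitRootLogin yes
permitrootlogin no
Match User backup
    AllowGroups sshusers
"""

def parse_global(text):
    """Return {keyword: [values]} for the lines before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # conditional blocks are not server-wide defaults
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Check the three settings from the thread; return a list of findings."""
    s = parse_global(text)
    findings = []
    # Single-valued keywords: only the first occurrence takes effect.
    root = s.get("permitrootlogin", ["(unset)"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is {root}, expected no")
    proto = s.get("protocol", ["(unset)"])[0]
    if proto != "2":
        findings.append(f"Protocol is {proto}, expected 2")
    if not (s.get("allowusers") or s.get("allowgroups")):
        findings.append("no global AllowUsers or AllowGroups allowlist")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

The sample fails all three checks: the effective PermitRootLogin is the first line (yes), protocol 1 is still offered, and the only AllowGroups line sits inside a Match block, so it does not restrict other users.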