One more lockdown on ssh I have not seen mentioned recently is /etc/hosts.allow and /etc/hosts.deny. The sshd uses these. If you have some idea of where people will be ssh'ing from, you can limit the IP ranges or domain names which can get in. If you don't match the list, you never even get to the login prompt. For example, my home ssh only allows the IP address of my machine at work to get a login prompt.

Note that sshd (and tcpwrappers) looks at hosts.allow first and if it gets a thumbs up you get a login prompt. It then looks at hosts.deny. If you are not covered by this list, YOU GET IN! You probably want a hosts.deny file that reads:

    ALL: ALL

That blocks everything except what is in hosts.allow.

If you have a lot of people coming in from very diverse IP addresses, you could play the reverse game and use the hosts.deny to just block the IP ranges you see trolling. Lot of flexibility here.

Breaking in to ssh is even harder when you can't get a login prompt.

Robert E. Styma
Principal Engineer (DMTS)
Lucent Technologies, Phoenix
Email: stymar@xxxxxxxxxx
Phone: 623-582-7323
FAX: 623-581-4390
Company: http://www.lucent.com
Personal: http://www.swlink.net/~styma
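
The lookup order described in the message above, as an added example that is not part of the original post: a simplified Python model of the hosts.allow / hosts.deny decision, showing how a client that matches neither file is let through unless hosts.deny ends with a catch-all. Assumptions: only ALL, exact matches, address prefixes ending in "." and domain suffixes starting with "." are modelled (IPv4 only), and all rule contents and addresses are constructed sample data.

```python
# Simplified model of the tcp_wrappers access decision (not the library's code).
# Supported client patterns: ALL, exact address/host, "192.0.2." prefix, ".example.com" suffix.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]     # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                         # address prefix
        return addr.startswith(pattern)
    if pattern.startswith("."):                       # domain suffix
        return host is not None and host.lower().endswith(pattern.lower())
    return pattern == addr or (host is not None and pattern.lower() == host.lower())

def rule_hit(rules, daemon, addr, host):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(c, addr, host) for c in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, addr, host=None):
    """Return 'allow', 'deny', or 'default-allow' (matched neither file)."""
    if rule_hit(parse_rules(allow_text), daemon, addr, host):
        return "allow"                                # hosts.allow is checked first
    if rule_hit(parse_rules(deny_text), daemon, addr, host):
        return "deny"                                 # then hosts.deny
    return "default-allow"                            # no match anywhere: granted

# Constructed sample files
HOSTS_ALLOW = "sshd: 198.51.100.7   # work machine\n"
DENY_EMPTY = ""
DENY_ALL = "ALL: ALL\n"
DENY_RANGE = "sshd: 203.0.113.\n"                     # block one observed range only

if __name__ == "__main__":
    for name, deny in (("empty", DENY_EMPTY), ("ALL: ALL", DENY_ALL), ("range", DENY_RANGE)):
        for addr in ("198.51.100.7", "203.0.113.50", "192.0.2.9"):
            print(f"hosts.deny={name:9} client={addr:13} ->",
                  access(HOSTS_ALLOW, deny, "sshd", addr))
```
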