On Thu, 2005-04-07 at 08:49 +0100, Paul Howarth wrote:
> Suggestions:
>
> 1. Disable root logins in ssh (you can still log in as a regular user
> and use "su") by putting "PermitRootLogin no" in /etc/ssh/sshd_config.
>
> 2. Make sure you use strong passwords for *all* accounts.
>
> 3. Consider turning off password authentication altogether and using
> certificates instead.

I have two additions to Paul's excellent list:

First is to create a group for remote users and only make those accounts
that need ssh access members of the group. Then edit /etc/ssh/sshd_config
and add:

    AllowGroups <remote-group>

replacing <remote-group> with your new group name.

Second, while you're in /etc/ssh/sshd_config look for the line

    #Protocol 2,1

and replace with

    Protocol 2

to remove an older, less secure option that you shouldn't need. Restart sshd.

-- 
Brian Gaynor
www.pmccorp.com
FC3/Linux on DELL Inspiron 5160 3.0Ghz
canis 11:06:28 up 2:36, 2 users, load average: 0.18, 0.08, 0.01
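A small checker for the sshd_config settings discussed in this thread, added here as an example and not part of the original messages. It assumes Paul's item 3 maps to `PasswordAuthentication no`, reads only the global section (it stops at the first `Match` line), and uses a constructed sample config with a made-up group name.

```python
import re

# Hardened values for the settings named in the thread. None means
# "any explicit value is fine" (AllowGroups just needs a group list).
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",  # assumed keyword for Paul's item 3
    "protocol": "2",
    "allowgroups": None,
}

def effective_settings(text):
    """Map each global keyword to the value sshd would actually use."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "#Protocol 2,1" is a comment, not a setting
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope here
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # first occurrence wins
    return settings

def audit(text):
    """Return one finding per setting that is missing or not hardened."""
    found = effective_settings(text)
    findings = []
    for key, want in EXPECTED.items():
        have = found.get(key)
        if have is None:
            findings.append(f"{key}: not set, sshd default applies")
        elif want is not None and have.lower() != want:
            findings.append(f"{key}: '{have}' (wanted '{want}')")
    return findings

# Constructed sample: the later "no" is ignored because the first
# PermitRootLogin line wins; "sshusers" is a made-up group name.
SAMPLE = """\
#Protocol 2,1
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
AllowGroups sshusers
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

OpenSSH releases that only speak protocol 2 no longer need the Protocol line, so that finding can be ignored there.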