On Thu, 2006-30-03 at 09:56 -0600, Jason L Tibbitts III wrote: > I have a few comments about the article. (I package denyhosts for > Fedora Extras.) > > You install it via yum, and at that point it is actually configured. > A proper config file is already in /etc/denyhosts.cfg, although you > can of course tweak it. And there's no need to copy anything into > /etc/init.d, because it's already set up. > > So the procedure is just: > > yum install denyhosts > (edit /etc/denyhosts.cfg to your liking) > chkconfig denyhosts on > service denyhosts start > > If you prefer to run denyhosts from cron instead of as a daemon, you > can edit /etc/sysconfig/denyhosts and follow the instructions there. > Other info related to the Fedora package is in > /usr/share/doc/denyhosts*/README.fedora Another quick trick that helps is to add a line to the bottom of : /etc/ssh/sshd_config AllowGroups staff Assign only users allowed to use ssh to group staff. This makes any user not in group staff appear to have an invalid password whether or not it is. Of course you can use any group you want, this just happens to be the one I use to allow ssh on my servers. The other part is ensuring all users in group staff have _*GOOD*_ passwords. I believe you can also disable ssh-agent and manually assign the public keys to .ssh/known_hosts . I don't use this anymore it was a PITA.
