On Thu, 29 Oct 2009 09:59:27 -0400 rgheck wrote: > On 10/28/2009 07:44 PM, Tom Horsley wrote: > > On Wed, 28 Oct 2009 18:03:29 -0500 > > Michael Cronenworth wrote: > > > > > >> -Make sure your root password is not a dictionary word. > >> > > Better yet, make sure you only allow public key login from > > outside the trusted local network. I've been setting up my > > sshd that way for a long time now. > > > > > Can you show how to do this? I only know how to make the choice globally. > > rh > > I globally disable various things in the main /etc/ssh/sshd_config file, then I use a "Match" directive at the bottom, which for me looks like: Match Address 127.0.0.1,192.168.1.* Banner /etc/nohamster.txt GSSApiAuthentication yes KerberosAuthentication no PasswordAuthentication yes KbdInteractiveAuthentication no RhostsRSAAuthentication no RSAAuthentication no That overries the global settings for requests originating from the matched IP addrs. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
