[Gllug] ssh attacks
Dani Pardo
dani at enplater.com
Fri Feb 3 15:48:51 UTC 2006
En/na Daniel P. Berrange wrote:
> Ditch passwords & switch to public key based authentication. As a minimum
> I typically alter the SSH config of internet facing machines to set
>
> AllowUsers bob
> PermitRootLogin no
> PasswordAuthentication no
> GSSAPIAuthentication no
> ChallengeResponseAuthentication no
> PubkeyAuthentication yes
>
Wha't I can't achive is to allow only an ordinary user to ssh (via
AllowUsers), and also root to ssh via the host RSA key, but disable root
logins with password. Mmm..
--
Dani Pardo, dani at enplater.com
Enplater S.A
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list