[Gllug] ssh attacks

Dani Pardo dani at enplater.com
Fri Feb 3 15:48:51 UTC 2006


En/na Daniel P. Berrange wrote:

> Ditch passwords & switch to public key based authentication. As a minimum
> I typically alter the SSH config of internet facing machines to set
> 
>   AllowUsers bob
>   PermitRootLogin no
>   PasswordAuthentication no
>   GSSAPIAuthentication no
>   ChallengeResponseAuthentication no
>   PubkeyAuthentication yes
> 

   Wha't I can't achive is to allow only an ordinary user to ssh (via 
AllowUsers), and also root to ssh via the host RSA key, but disable root 
logins with password. Mmm..

-- 
Dani Pardo, dani at enplater.com
Enplater S.A
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list