MORE SSH Hacking: heads-up

David L Norris dave at webaugur.com
Sun Aug 1 03:25:18 UTC 2004


On Sat, 2004-07-31 at 00:12 -0700, Michael wrote:
> People seem to be going through great efforts to counter something that
> isn't all that uncommon. Sometimes the simplest things are left out of the
> discussion. Why hasn't anybody said anything about disabling root logons
> via ssh? (isn't this pretty much standard procedure to public systems?)

Exactly...  Don't enable remote login for anyone who doesn't need it.

On all my systems I create a "remote" group and add only those users who
are responsible enough to have shell access.  Then
in /etc/ssh/sshd_config I add the following:

PermitRootLogin no
AllowGroups remote

On critical systems I use only SSH keys:
PasswordAuthentication no


Many people seem to think that SSH magically makes their systems safe
from intrusion.  Without requiring keys SSH is as insecure as the least
secure service on the machine.

-- 
 David Norris
  http://www.webaugur.com/dave/
  ICQ - 412039
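
Added example, not part of the original message: a Python check of an sshd_config text against the three directives listed in the post above. It assumes the group name "remote" from the post, reads only the global section (it stops at the first Match block) and does not follow Include files; the sample configs are constructed.

```python
import re

ACCUMULATING = {"allowgroups"}  # sshd appends repeated AllowGroups lines

def parse_global(config_text):
    """Return {keyword: [args]} for the global section of an sshd_config.
    For most keywords sshd keeps the first value it reads, so later
    duplicates are ignored here too."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = [p for p in re.split(r"[\s=]+", line.replace('"', "")) if p]
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":      # everything below applies conditionally
            break
        if keyword in ACCUMULATING:
            settings.setdefault(keyword, []).extend(args)
        else:
            settings.setdefault(keyword, args)
    return settings

def audit(config_text, group="remote"):
    """List deviations from the post's settings; empty list means a match."""
    s = parse_global(config_text)
    findings = []
    for keyword, label in (("permitrootlogin", "PermitRootLogin"),
                           ("passwordauthentication", "PasswordAuthentication")):
        value = s.get(keyword)
        if value is None:
            findings.append(f"{label} is not set explicitly")
        elif [v.lower() for v in value] != ["no"]:
            findings.append(f"{label} is {' '.join(value)}, expected no")
    groups = s.get("allowgroups")
    if not groups:
        findings.append("AllowGroups is not set")
    elif set(groups) != {group}:
        extra = " ".join(sorted(set(groups) - {group}))
        findings.append(f"AllowGroups lists groups other than {group}: {extra}")
    return findings

# Constructed samples: a duplicate keyword, a second AllowGroups line and a
# setting that only exists inside a Match block.
WEAK = ("PermitRootLogin yes\nPermitRootLogin no\nAllowGroups remote\n"
        "AllowGroups wheel\nMatch Address 10.0.0.0/8\n"
        "    PasswordAuthentication no\n")
HARDENED = "PermitRootLogin no\nAllowGroups remote\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "matches the post's settings")
```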