More SSH 'trolling'
Andrey Andreev
andreev at cs.helsinki.fi
Thu Oct 14 17:19:59 UTC 2004
Scot L. Harris wrote:
> On Thu, 2004-10-14 at 10:40, Andrey Andreev wrote:
>
>>Wouter van Vliet wrote:
>>
>>>As for limiting ssh access only to those who need it, how would that
>>>be done and how can I restrict on IP and user? I've found this page
>>>http://doc.trustix.org/cgi-bin/trustixdoc.cgi?Restrict_SSH_Per_User
>>>which explains about allowing only certain users. It's cool. Now, what
>>>would be the user/ip combi approach?
>>
>>I make my firewall do that.
>
>
> That is good but having sshd restrict who can login in addition to the
> firewall gives you two lines of defense against someone. If they happen
> to get past the firewall then they have to get past your sshd
> configuration as well.
Good point, actually all the ones you make are good stuff. I was only
referring to limiting IPs that could be used for SSH in my last post.
That's obviously not a complete solution. Thanks for pointing that out.
//Andro
More information about the fedora-list
mailing list