More SSH 'trolling'
Christopher K. Johnson
ckjohnson at gwi.net
Thu Oct 14 20:43:03 UTC 2004
David L Norris wrote:
>On Thu, 2004-10-14 at 13:07 -0400, Scot L. Harris wrote:
>
>
>>In /etc/sshd/sshd_config you want to have the following lines:
>>
>>PermitRootLogin no
>>
>>AllowUsers selectusernames
>>
>>
>
>You can also create a 'remote' group, add only those users who need
>remote access and then add this to sshd_config:
> AllowGroups remote
>
>That way you can specify who can login remotely via SSH with any of the
>user management tools. I think it would be nice if this was the
>default. FirstBoot could add the first normal user to the remote group
>automatically, for example.
>
>
>
I create an sshusers group for that:
groupadd -g 101 sshusers
And I like your idea of it being an installation or firstboot configured
default. When adding a non-root user in firstboot there could be a
checkbox for allowing them ssh access which added them to the sshusers
group.
Allowing only protocol 2, and not permitting root login, should also be
default settings.
Chris
--
-----------------------------------------------------------
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
More information about the fedora-list
mailing list