Questions concerning Security Log
Brian Gaynor
briang at pmccorp.com
Thu Apr 7 18:10:57 UTC 2005
On Thu, 2005-04-07 at 08:49 +0100, Paul Howarth wrote:
> Suggestions:
>
> 1. Disable root logins in ssh (you can still log in as a regular user
> and use "su") by putting "PermitRootLogin no" in /etc/ssh/sshd_config.
>
> 2. Make sure you use strong passwords for *all* accounts.
>
> 3. Consider turning off password authentication altogether and using
> certificates instead.
I have two additions to Paul's excellent list:
First is to create a group for remote users and only make those accounts
that need ssh access members of the group. Then
edit /etc/ssh/sshd_config and add:
AllowGroups <remote-group>
replacing <remote-group> with your new group name.
Second, while you're in /etc/ssh/sshd_config look for the line
#Protocol 2,1
and replace with
Protocol 2
to remove an older, less secure option that you shouldn't need. Restart
sshd.
--
Brian Gaynor
www.pmccorp.com
FC3/Linux on DELL Inspiron 5160 3.0Ghz
canis 11:06:28 up 2:36, 2 users,
load average: 0.18, 0.08, 0.01
More information about the fedora-list
mailing list