From: Ignoramus10392 on
Given prevalence of SSH dictionary attacks, I want to fortify my
systems a little.

I have several local (inside the house) users who I do NOT want to be
able to log on from outside via ssh.

I would like to disable any remote SSH logins for these users.

How can I do that?

thanks
From: Peter Ludikovsky on
Ignoramus10392 wrote:
> Given prevalence of SSH dictionary attacks, I want to fortify my
> systems a little.
>
> I have several local (inside the house) users who I do NOT want to be
> able to log on from outside via ssh.
>
> I would like to disable any remote SSH logins for these users.
>
> How can I do that?
>
> thanks

man 5 sshd_config
Look at the AllowUsers / DenyUsers entries
From: Ignoramus10392 on
On 2008-04-07, Peter Ludikovsky <darthludi(a)gmail.com> wrote:
> Ignoramus10392 wrote:
>> Given prevalence of SSH dictionary attacks, I want to fortify my
>> systems a little.
>>
>> I have several local (inside the house) users who I do NOT want to be
>> able to log on from outside via ssh.
>>
>> I would like to disable any remote SSH logins for these users.
>>
>> How can I do that?
>>
>> thanks
>
> man 5 sshd_config
> Look at the AllowUsers / DenyUsers entries

Looks great to me. Thanks. I assume that if I say AllowUsers
....,root,... then, in conjunction with PermitRootLogin
without-password the passworded root login will not be allowed.

I will try to verify everything.

i
From: Peter Ludikovsky on
Ignoramus10392 wrote:
> On 2008-04-07, Peter Ludikovsky <darthludi(a)gmail.com> wrote:
>> Ignoramus10392 wrote:
>>> Given prevalence of SSH dictionary attacks, I want to fortify my
>>> systems a little.
>>>
>>> I have several local (inside the house) users who I do NOT want to be
>>> able to log on from outside via ssh.
>>>
>>> I would like to disable any remote SSH logins for these users.
>>>
>>> How can I do that?
>>>
>>> thanks
>> man 5 sshd_config
>> Look at the AllowUsers / DenyUsers entries
>
> Looks great to me. Thanks. I assume that if I say AllowUsers
> ...,root,... then, in conjunction with PermitRootLogin
> without-password the passworded root login will not be allowed.
>
> I will try to verify everything.
>
> i

Security-wise it would be better to say "PermitRootLogin no" and
"su"||"sudo" when needed. Also, setting "PasswordAuthentication no" and
using Public Key Authentication is a good idea.

hth
/peter
From: Ignoramus10392 on
On 2008-04-07, Peter Ludikovsky <darthludi(a)gmail.com> wrote:
> Ignoramus10392 wrote:
>> On 2008-04-07, Peter Ludikovsky <darthludi(a)gmail.com> wrote:
>>> Ignoramus10392 wrote:
>>>> Given prevalence of SSH dictionary attacks, I want to fortify my
>>>> systems a little.
>>>>
>>>> I have several local (inside the house) users who I do NOT want to be
>>>> able to log on from outside via ssh.
>>>>
>>>> I would like to disable any remote SSH logins for these users.
>>>>
>>>> How can I do that?
>>>>
>>>> thanks
>>> man 5 sshd_config
>>> Look at the AllowUsers / DenyUsers entries
>>
>> Looks great to me. Thanks. I assume that if I say AllowUsers
>> ...,root,... then, in conjunction with PermitRootLogin
>> without-password the passworded root login will not be allowed.
>>
>> I will try to verify everything.
>>
>> i
>
> Security-wise it would be better to say "PermitRootLogin no" and
> "su"||"sudo" when needed. Also, setting "PasswordAuthentication no" and
> using Public Key Authentication is a good idea.
>
> hth
> /peter

Thanks. It worked fine. I have permitrootlogin without-password.

I do need from time to time to perform root tasks from scripts, for
example restarting named after DNS zone files update. I cannot fully
disable root login, though not letting passworded root logins is a
good idea which I already follow.

Setting PasswordAuthentication to no seems like a very dangerous idea
that can leave me stranded.

i
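
An sshd_config fragment combining the directives discussed in this thread, added here as an illustration and not taken from any poster's message. The user names (alice, bob, remoteadmin) and the 192.168.1.* home network are assumptions; note that sshd_config(5) separates AllowUsers entries with spaces, not commas.

```conf
# /etc/ssh/sshd_config (fragment) -- constructed example, names and subnet are assumptions

# Root may log in with a key only (for scripted tasks such as restarting named).
# Newer OpenSSH releases spell this value "prohibit-password"; the old name is still accepted.
PermitRootLogin without-password

# Once AllowUsers is present, any account NOT matched here is refused everywhere.
# A bare name is allowed from any address; USER@HOST limits that user to matching sources.
#   remoteadmin, root : allowed from anywhere
#   alice, bob        : allowed only from the home network
AllowUsers remoteadmin root alice@192.168.1.* bob@192.168.1.*

# Keys only for connections from outside, which removes the dictionary-attack surface.
PasswordAuthentication no
# Otherwise PAM keyboard-interactive can still prompt for a password.
ChallengeResponseAuthentication no

# Match blocks apply to every line after them, so keep this at the end of the file.
# Passwords stay usable from the home network as a fallback if a key is lost.
Match Address 192.168.1.*
    PasswordAuthentication yes
```

Run `sshd -t` to check the file for syntax errors before restarting the daemon, and keep an existing session open while testing a new login so a mistake does not lock you out.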