Hi Steven,
How set the sshd to only allow access to one local account only. AllowUsers foo
And if some option is commented out in the sshd_config does it use the default option? SSHD has to, what else should it use ...
What exploits are there for the "UseLogin" option? e.g.. #UseLogin no UseLogin allows one to do a "ssh foo" and then enter the password. If you disallow login you need to have a authorised key. Since you can limit the computers which can connect to computers (~/.ssh/authorised__key) from=bar it provides extra security. Whether this is more secure depends on who knows the accounts password, who can have access to authorised_key and who to the master key on the other computer.
* * * A not that uncommon setup is for remote administration of larger unix pools is: - run an extra sshd - allow root login (only root) - disallow login - using a ~/.ssh/authorised_key which allows only the main severs /root/.ssh/foo key to login. Tobias -- This above all: To thine own self be true / And it must follow as the night the day / Thou canst not then be false to any man.