Can we allow user@host with OpenSSH? Not using tcpwrappers; I have a domain based on my ISP, and if I let the domain in I open several chances... I read that we can put matching patterns under allowed users but can't seem to find that in man 5 sshd_config...
David Bear wrote:
On Sun, Dec 11, 2005 at 02:56:50PM -0800, Scott Leighton wrote:
On Sunday 11 December 2005 2:41 pm, Bruno Cochofel wrote:
I need to install an ssh server and I need some information about security options. I know that there have been some kind of "attacks" on port 22 on the Internet, so I want to know a little more about the options in /etc/ssh/sshd_config.
The options are pretty well documented in man 5 sshd_config
Most people seem to strongly recommend setting
Protocol 2
instead of
Protocol 1,2
and
PermitRootLogin no
instead of
PermitRootLogin yes
how about
DenyGroup DenyUsers AllowGroup AllowUsers
these seem useful for preventing brute force attacks on accounts like www, postgres, uucp, etc.
You will also see many people recommending you change the default port from 22 to some high port number, but I'm not so sure that makes much of a difference.
Scott
-- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
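On the user@host question at the top of the thread: sshd_config(5) documents that an AllowUsers pattern of the form USER@HOST checks user and host separately. The following is an added example, not code from any poster or from OpenSSH; it is a simplified model of that matching (only `*` and `?` wildcards, no negation, one host string per login) plus a check for the Protocol and PermitRootLogin settings recommended above, run over a constructed config with placeholder names.

```python
import re

# Constructed sample; user names and hosts are placeholders, not from the thread.
SAMPLE_CONFIG = """\
Protocol 2
PermitRootLogin no
AllowUsers bruno@*.isp.example admin@192.0.2.10 backup
"""
LIST_KEYWORDS = {"allowusers", "denyusers"}

def parse_config(text):
    """Return {lowercased keyword: [arguments]} from sshd_config text."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        if key in LIST_KEYWORDS:
            conf.setdefault(key, []).extend(args)  # repeated lines accumulate
        else:
            conf.setdefault(key, args)  # first occurrence wins
    return conf

def wildcard(pattern, value):
    """Match using only the '*' and '?' wildcards."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def user_allowed(conf, user, host):
    """Simplified AllowUsers check; USER@HOST tests user and host separately."""
    patterns = conf.get("allowusers")
    if not patterns:
        return True  # no AllowUsers line, so this check restricts nobody
    for pat in patterns:
        upat, sep, hpat = pat.partition("@")
        if wildcard(upat, user) and (not sep or wildcard(hpat.lower(), host.lower())):
            return True
    return False

def audit(conf):
    """Flag the settings the thread advises against."""
    findings = []
    if "1" in ",".join(conf.get("protocol", [])).split(","):
        findings.append("Protocol permits version 1")
    if conf.get("permitrootlogin") != ["no"]:
        findings.append("PermitRootLogin is not set to no")
    for pat in conf.get("allowusers", []):
        if "@" not in pat:
            findings.append(f"AllowUsers entry '{pat}' has no @host restriction")
    return findings
```

An entry without `@host`, like `backup` here, is accepted from any source address, which is why the audit reports it.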