joe wrote:
joe wrote:
Richard Creighton wrote:
I prefer a more simple approach. Rather than adding more firewall rules, I set the sshd allowed_users parameter to the 2 accounts that actually have a reason to log in, and I also limit the IP addresses which will accept an ssh connection using tcp wrappers (hosts.allow, hosts.deny).
typo/thinko - I meant, limit the addresses *from* which it will accept an ssh connection using tcp wrappers. Also, as one poster mentioned, using keys instead of passwords is another handy ssh trick, along with reducing the max failed attempts and grace period for ssh logins.
Joe
A small point: for small setups the pam_access.so module is probably simpler to use than tcp wrappers (but of course this depends on one's definition of simple :-) ).

--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
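An added example, not part of the thread: the measures discussed above written out as configuration fragments, with the tcp wrappers rules next to a pam_access equivalent. The account names alice and bob, the addresses (documentation ranges) and the numeric limits are placeholders. AllowUsers is the sshd_config directive that restricts which accounts may log in, and the hosts.allow rules only take effect when sshd is built with libwrap, which upstream OpenSSH dropped in release 6.7.

```conf
# --- /etc/ssh/sshd_config ---------------------------------------------
# Only the accounts that have a reason to log in (placeholder names).
AllowUsers alice bob
# Keys instead of passwords.
PubkeyAuthentication yes
PasswordAuthentication no
# Fewer failed attempts per connection and a shorter login grace period
# (values are illustrative).
MaxAuthTries 3
LoginGraceTime 30
# Required for the pam_access variant below: sshd must run the PAM
# account stack.
UsePAM yes

# --- Variant A: tcp wrappers ------------------------------------------
# /etc/hosts.allow  (checked first; first matching rule wins)
sshd : 192.0.2.0/255.255.255.0 198.51.100.7

# /etc/hosts.deny   (anything not allowed above is refused)
sshd : ALL

# --- Variant B: pam_access --------------------------------------------
# /etc/pam.d/sshd   (add to the account stack; a dedicated access file
# keeps these rules from affecting other services that use pam_access)
account  required  pam_access.so accessfile=/etc/security/access-sshd.conf

# /etc/security/access-sshd.conf
# Format:  permission : users : origins   (first matching line wins)
+ : alice bob : 192.0.2.0/24 198.51.100.7
- : ALL : ALL
```

Variant B ties each account to its permitted source addresses in a single rule, whereas Variant A filters by address only and leaves the account restriction to AllowUsers. Check the result with `sshd -t` and a second open session before closing the one used to make the change.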