Personnally i keep sshd running, but otoh, for newby-users, like Marcus suggested, have installed, but turned off, (other daemons like telnet or ftp are not running by default either) Another suggestion, for default sshd config 1) only enable ssh2 protocol, now both ssh1 and ssh2 are enabled. Protocol Specifies the protocol versions sshd supports. ==> The default is “2,1”. <== 2) disable PasswordAuthentication Specifies whether password authentication is allowed. ==> The default is “yes”. <== If you need remote access to a system, take the time to distribute a lengthy asymetric key (longer than the default), protected by long enough pass-phrase 3) disable root access. PermitRootLogin Specifies whether root can log in using ssh ==> The default is “yes”. <== Horrible!! 4) restrict access with "AllowUsers" This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. ==> By default, login is allowed for all users. <== Suggestion 1 & 3 should have little or no impact. 2) would only cause some seconds extra work for admin's... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org