Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] SSHD - limiting access to one account - how?
  • From: Tobias Burnus <burnus@xxxxxxxx>
  • Date: Mon, 04 Feb 2002 13:54:40 +0100
  • Message-id: <3C5E848F.8AD957B4@xxxxxxxx>
Hi Steven,

> How do I set the sshd to allow access to one local account only?
AllowUsers foo

> And if some option is commented out in the sshd_config does it use the
> default option?
SSHD has to, what else should it use ...

> What exploits are there for the "UseLogin" option?
> e.g. #UseLogin no
UseLogin allows one to do a "ssh foo" and then enter the password.
If you disallow login you need to have an authorised key.
Since you can limit the computers which can connect to computers
(~/.ssh/authorised_key) from=bar it provides extra security.
Whether this is more secure depends on who knows the account's password,
who can have access to authorised_key and who to the master key
on the other computer.

* * *
A not that uncommon setup for remote administration of larger unix
pools is:
- run an extra sshd
- allow root login (only root)
- disallow login
- using a ~/.ssh/authorised_key which allows only the main server's
  /root/.ssh/foo key to login.

Tobias
--
This above all: To thine own self be true / And it must follow as
the night the day / Thou canst not then be false to any man.
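
Added example, not part of the original message or of OpenSSH: a small Python check of the setup listed above (only root allowed, password login off, every key pinned with from=), which also shows a commented-out keyword falling back to its default. Assumptions: "disallow login" is read as PasswordAuthentication no, the DEFAULTS table follows current OpenSSH documentation, and the configs, host name and key lines are constructed samples.

```python
# Assumed compiled-in defaults; a commented-out or missing keyword falls back to these.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_config(text):
    """Effective settings: first value wins, AllowUsers lines accumulate."""
    cfg, seen = dict(DEFAULTS, allowusers=[]), set()
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank or commented out: the default stays in force
        key, value = parts[0].lower(), parts[1].strip()
        if key == "allowusers":
            cfg[key] += value.split()
        elif key not in seen:
            seen.add(key)
            cfg[key] = value
    return cfg

def split_unquoted(text, seps, limit=None):
    """Split on separators outside double quotes (escaped quotes not handled)."""
    parts, cur, quoted = [], "", False
    for i, ch in enumerate(text):
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            if limit and len(parts) == limit:
                return parts + [text[i + 1:]]
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def key_from_patterns(key_line):
    """Host patterns of the from="..." option on one key line, or []."""
    first = split_unquoted(key_line.strip(), " \t", 1)[0]
    if first.startswith(("ssh-", "ecdsa-", "sk-")):
        return []  # line starts with the key type, so it carries no options
    for opt in split_unquoted(first, ","):
        if opt.lower().startswith('from="'):
            return opt[6:-1].split(",")
    return []

def audit(sshd_config, key_lines):
    cfg, problems = effective_config(sshd_config), []
    if cfg["allowusers"] != ["root"]:
        problems.append("AllowUsers is not limited to root")
    if cfg["permitrootlogin"] == "no":
        problems.append("root login is disabled")
    if cfg["passwordauthentication"] != "no":
        problems.append("password login is still enabled")
    problems += [f"key {n} has no from= restriction"
                 for n, k in enumerate(key_lines, 1) if not key_from_patterns(k)]
    return problems

# Constructed samples.
WEAK = "#AllowUsers root\n#PasswordAuthentication no\nPermitRootLogin yes\n"
HARDENED = "Port 2222\nAllowUsers root\nPermitRootLogin prohibit-password\nPasswordAuthentication no\n"
OPEN_KEY = "ssh-ed25519 AAAAconstructed root@admin"
PINNED_KEY = 'from="admin.example.org",no-pty ' + OPEN_KEY
```

audit(WEAK, [OPEN_KEY]) reports three problems, two of them caused purely by commented-out lines; audit(HARDENED, [PINNED_KEY]) reports none.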
