Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Openssh + security
  • From: Bruno Cochofel <bruno.cochofel@xxxxxxxxx>
  • Date: Tue, 13 Dec 2005 08:46:07 +0000
  • Message-id: <439E8A4F.3000901@xxxxxxxxx>
Can we allow user@host with openssh? Not using tcpwrappers, I've a
domain based on my ISP and if I let the domain in I open several chances...
I read that we can put matching patterns under allowed users but can't
seem to find that in man 5 sshd_config...

David Bear wrote:

>On Sun, Dec 11, 2005 at 02:56:50PM -0800, Scott Leighton wrote:
>
>
>>On Sunday 11 December 2005 2:41 pm, Bruno Cochofel wrote:
>>
>>
>>>I need to install an ssh server and I need some information about security
>>>options. I know that there have been some kind of "attacks" on port 22 on the
>>>internet so I want to know a little more about those options under
>>>/etc/ssh/sshd_config.
>>>
>>>
>>>
>> The options are pretty well documented in man 5 sshd_config
>>
>> Most people seem to strongly recommend setting
>>
>> Protocol 2
>>
>> instead of
>>
>> Protocol 1,2
>>
>> and
>>
>> PermitRootLogin no
>>
>> instead of
>>
>> PermitRootLogin yes
>>
>>
>
>
>how about
>
>DenyGroup
>DenyUsers
>AllowGroup
>AllowUsers
>
>these seem useful for preventing brute force attacks on accounts like
>www, postgres, uucp, etc.
>
>
>
>> You will also see many people recommending you change
>>the default port from 22 to some high port number, but I'm
>>not so sure that makes much of a difference.
>>
>> Scott
>>
>>
>>
>>--
>>POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/
>>Linux 2.6.11.4-21.9-default x86_64
>>SuSE Linux 9.3 (x86-64)
>>
>>
>
>
>
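An added example, not part of the original thread: sshd_config(5) documents that an AllowUsers or DenyUsers pattern of the form USER@HOST restricts that user to matching client hosts. The Python sketch below models that matching against a constructed config and flags the two settings the thread advises against. The user names, hosts and addresses are made up, and negated (`!`) and CIDR host patterns are left out.

```python
import re

# Constructed sample: the thread's suggestions plus USER@HOST patterns.
SAMPLE_CONFIG = """\
# constructed example, not from the thread
Protocol 2
PermitRootLogin no
DenyUsers www postgres uucp
AllowUsers bruno@*.isp.example alice@192.0.2.10 backup
"""

def parse(text):
    """Map lower-cased keyword -> arguments; repeated keywords accumulate."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#"):
            conf.setdefault(words[0].lower(), []).extend(words[1:])
    return conf

def glob_match(pattern, value):
    """sshd-style wildcards: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def user_matches(pattern, user, host, addr):
    """USER@HOST checks user and client host separately; bare USER: any host."""
    if "@" not in pattern:
        return glob_match(pattern, user)
    upat, hpat = pattern.split("@", 1)
    on_host = glob_match(hpat.lower(), host.lower()) or glob_match(hpat, addr)
    return glob_match(upat, user) and on_host

def login_allowed(conf, user, host, addr):
    """DenyUsers is checked first; a set AllowUsers excludes everyone else."""
    if any(user_matches(p, user, host, addr) for p in conf.get("denyusers", [])):
        return False
    allow = conf.get("allowusers")
    return allow is None or any(user_matches(p, user, host, addr) for p in allow)

def audit(conf):
    """Flag the settings the thread advises against, when set explicitly."""
    findings = []
    if "1" in ",".join(conf.get("protocol", [])).split(","):
        findings.append("Protocol allows SSH-1")
    if conf.get("permitrootlogin", [""])[0].lower() == "yes":
        findings.append("PermitRootLogin yes")
    return findings
```

Hostname patterns only match when sshd resolves the client address to a name (the UseDNS setting), so address patterns are the more dependable form.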