
Re: blocking ssh Root Logins - hosts



On Mon, 21 Mar 2005, Roberto C. Sanchez wrote:
 
> Add 'PermitRootLogin no' to /etc/ssh/sshd_config and restart ssh.
> As a caveat, make sure to include the AllowUsers directive with at
> least one user that should *always* be able to log in remotely.

ditto to what others said and then.. for added paranoia

/etc/hosts.deny
	ALL : ALL

	- note that some things ( like nfs mounts ) will break if you 
	turn on (tcpwrappers) inetd

restart inetd ...  see if you can login .. you shouldn't be able to
if tcpwrappers is compiled into the sshd binaries
	- if it allows you in .. you might want to recompile
	sshd with tcpwrappers

/etc/hosts.allow
	sshd : 192.168.11.123

	# if you allow nfs
	portmapper : ...
	mount : ...

restart inetd and now it's safer ... that only *.123 can login as a user
and no other sniffers  even if they knew your login/pwd

or are ssh keys better .... w/ ip# restrictions

in either case, hosts.deny should be denying everything as default

and if they can hijack your ip# and come in anyway... 
"call the seals to come fix the penguin" :-)

c ya
alvin
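The point behind "hosts.deny should be denying everything as default" is the order in which tcp wrappers evaluates its two files: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, and if neither file matches the connection is let through. The following Python model of that evaluation is an added example, not code from the post or from the tcp wrappers package; the hosts.allow and hosts.deny contents are constructed, the daemon names `portmap` and `mountd` are assumptions (check the process names on your own system), and only the ALL, exact-address, dotted-prefix and net/mask client patterns are modelled (EXCEPT clauses and shell commands are left out).

```python
"""Model of how tcp wrappers (libwrap) evaluates hosts.allow and hosts.deny.

Order of evaluation, as described in hosts_access(5):
  1. a matching line in hosts.allow grants access;
  2. otherwise a matching line in hosts.deny refuses access;
  3. otherwise access is granted.
Step 3 is why the thread wants 'ALL : ALL' in hosts.deny.
"""

# Constructed sample files (not taken from the original post).
HOSTS_DENY = """
# deny everything by default
ALL : ALL
"""

HOSTS_ALLOW = """
sshd : 192.168.11.123
# if you allow nfs from the local subnet (daemon names are assumptions)
portmap : 192.168.11.
mountd : 192.168.11.0/255.255.255.0
"""


def parse_access_file(text):
    """Return a list of (daemon_patterns, client_patterns) tuples.

    Each non-empty, non-comment line has the form 'daemons : clients'.
    Any further ':' fields (shell commands) are ignored in this model."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError("malformed access rule: %r" % raw)
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(p < 0 or p > 255 for p in parts):
        raise ValueError("bad address: %r" % dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def client_matches(pattern, client_ip):
    """Match one client pattern against a dotted-quad address.

    Supports ALL, an exact address, a dotted prefix ending in '.'
    (e.g. '192.168.11.') and 'net/mask' notation."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        m = _to_int(mask)
        return _to_int(client_ip) & m == _to_int(net) & m
    return pattern == client_ip


def daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def rule_matches(rules, daemon, client_ip):
    """True if any rule matches both the daemon and the client address."""
    for daemons, clients in rules:
        if any(daemon_matches(d, daemon) for d in daemons) and \
           any(client_matches(c, client_ip) for c in clients):
            return True
    return False


def access_decision(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return 'allow' or 'deny' for a connection, following libwrap's order."""
    if rule_matches(parse_access_file(allow_text), daemon, client_ip):
        return "allow"
    if rule_matches(parse_access_file(deny_text), daemon, client_ip):
        return "deny"
    return "allow"  # libwrap's default when neither file matches


if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.168.11.123"), ("sshd", "10.0.0.5"),
                       ("portmap", "192.168.11.7"), ("mountd", "192.168.11.9"),
                       ("in.telnetd", "192.168.11.123")]:
        print(daemon, ip, "->", access_decision(daemon, ip))
    # With an empty hosts.deny the stranger would be let in:
    print("sshd 10.0.0.5, empty hosts.deny ->",
          access_decision("sshd", "10.0.0.5", deny_text=""))
```

The last line of the demo shows the failure mode the post warns about: with hosts.allow alone and no catch-all in hosts.deny, a connection from an unlisted address is granted. The model only says what libwrap would decide; it cannot tell you whether your sshd consults libwrap at all, which is what the "restart and try to log in" test in the post checks (on a real host, `ldd $(which sshd) | grep libwrap` shows whether the binary is linked against it).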


