Re: Securing debian box
* Jim Hyslop wrote:
> PermitRootLogin no
> RSAAuthentication no
> PubkeyAuthentication yes
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> PasswordAuthentication no
> UsePAM yes
> Subsystem sftp /usr/lib/openssh/sftp-server
I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no
because I wasn't able to prohibit password authentication with PAM
enabled.
Restricting the allowed users is probably a good idea, too:
AllowUsers you
Also I am using iptables to limit the per-ip connection tries in a given
amount of time: <http://www.debian-administration.org/articles/187>.
Cheers,
Alex
Reply to: