
Re: Securing debian box



Alexander Wasmuth wrote:
> I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no
> because I wasn't able to prohibit password authentication with PAM
> enabled.

I'm currently not planning on using PAM, but I'll disable it anyway -
that way if I do enable PAM in the future, I won't overlook that loophole.

> Restricting the allowed users is probably a good idea, too:
> 
>  AllowUsers you

Ah, good idea.

> Also I am using iptables to limit the per-ip connection tries in a given
> amount of time: <http://www.debian-administration.org/articles/187>.

Thanks for the link. I haven't read that page in detail, but at first
blush it looks like that's a defense against a dictionary attack. If
that's the case, wouldn't disallowing password authentication suffice?
Or does this also defend against a DoS attack?

--
Jim Hyslop
Dreampossible: Better software. Simply.     http://www.dreampossible.ca
                 Consulting * Mentoring * Training in
    C/C++ * OOD * SW Development & Practices * Version Management
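
An added example, not part of either poster's message: a small Python check of sshd_config text for the settings discussed in this thread (Protocol 2, no password authentication, UsePAM, AllowUsers). The sample configs are constructed, and pairing UsePAM with ChallengeResponseAuthentication is an assumption drawn from sshd_config(5); the thread does not say which mechanism kept password prompts available under PAM.

```python
# Added example (not from the thread): audit sshd_config text for the settings discussed.
# Unset keywords are reported, because compiled-in defaults differ between OpenSSH versions.

def parse_sshd_config(text):
    """Map lower-cased global keywords to their value; sshd keeps the first value it reads."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":  # conditional blocks are out of scope here
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("protocol") != "2":
        findings.append("Protocol is not pinned to 2")
    if cfg.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    pam_off = cfg.get("usepam", "").lower() == "no"
    chal_off = cfg.get("challengeresponseauthentication", "").lower() == "no"
    if not (pam_off or chal_off):
        findings.append("UsePAM and ChallengeResponseAuthentication are both not 'no': "
                        "PAM may still prompt for a password")
    if not cfg.get("allowusers"):
        findings.append("AllowUsers is not set")
    return findings

# Constructed sample inputs, not taken from any real host.
WEAK = """\
Protocol 2,1
PasswordAuthentication no
UsePAM yes
"""
HARDENED = """\
Protocol 2
PasswordAuthentication no
UsePam no
AllowUsers you
"""

print(audit(WEAK), audit(HARDENED))
```

The weak sample disables PasswordAuthentication yet is still flagged for the PAM path, alongside the Protocol and AllowUsers findings.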


