Re: How can I secure a Debian installation?



2014-01-28 Brian <ad44@cityscape.co.uk>
On Tue 28 Jan 2014 at 15:31:25 +0100, Raffaele Morelli wrote:

> 2014-01-28 Joe <joe@jretrading.com>
>
> > And so was Raffaele's reply. If you will be using ssh from outside, set
> > up keys and disable the use of passwords. Use a good password or phrase
> > on the private key, and keep it on a USB stick away from the laptop.
> > Laptops are easy to lose. If you need to use Windows, then make the
> > keys in PuTTY, because as far as I know, PuTTY still can't use OpenSSH
> > private keys but can make public ones.
> >
>
> Also, the AllowUsers directive in sshd_config should be set, because if a user is
> not listed in there, login attempts stop suddenly at [preauth] level and
> you can use the form user@domain to further restrict access.

The AllowUsers directive is a legitimate way to restrict ssh logins to
certain users. However, I do not see what (ssh keys + AllowUsers) brings
to the party that (password + AllowUsers) doesn't.

If the private key on the client doesn't match the one on the server, the auth process fails suddenly without a passphrase request.
So access on the server is granted only with private key && passphrase.

More info and better English: https://www.google.it/search?q=advantages+of+private+key+sshd&oq=advantages+of+private+key+sshd&aqs=chrome..69i57.10529j0j1&sourceid=chrome&ie=UTF-8
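
An added example, not part of the original message: a small audit of sshd_config text for the settings this thread discusses (password logins disabled, keys enabled, an AllowUsers list, optionally in user@host form). The sample configs, user names and addresses are constructed, and the check assumes a single file and looks only at the global section before any Match block.

```python
# Added example: audits sshd_config text for the settings discussed in the thread.
# Assumes one file, global section only (parsing stops at the first Match block).

# Constructed sample configs, not taken from the thread.
WEAK = """\
# nothing restricted
PermitRootLogin yes
"""
HARDENED = """\
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice@192.0.2.* bob
allowusers carol@198.51.100.7
# a later duplicate does not override the first value
PasswordAuthentication yes
"""

def parse_global(text):
    """Map lowercased keyword -> value (AllowUsers -> list of patterns)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()              # keywords are case-insensitive
        if key == "match":
            break
        if key == "allowusers":        # repeated AllowUsers lines accumulate
            conf.setdefault(key, []).extend(args)
        else:                          # otherwise sshd keeps the first value it reads
            conf.setdefault(key, " ".join(args).lower())
    return conf

def audit(text):
    """Return (findings, allowed_patterns) for one sshd_config text."""
    conf = parse_global(text)
    findings = []
    if conf.get("passwordauthentication", "yes") != "no":   # sshd default is yes
        findings.append("password logins enabled")
    if conf.get("pubkeyauthentication", "yes") != "yes":
        findings.append("public-key logins disabled")
    allowed = conf.get("allowusers", [])
    if not allowed:
        findings.append("no AllowUsers list")
    return findings, allowed

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```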
