On 31/01/14 17:56, Raffaele Morelli wrote:
> 2014-01-31 Scott Ferguson <scott.ferguson.debian.user@gmail.com
> <mailto:scott.ferguson.debian.user@gmail.com>>:
>> <mailto:ad44@cityscape.co.uk> <mailto:ad44@cityscape.co.uk
> On 31/01/14 15:29, Raffaele Morelli wrote:
> >
> >
> >
> > 2014-01-30 Brian <ad44@cityscape.co.uk
> <mailto:ad44@cityscape.co.uk>>>:
> >
> > On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> >
> > > On Tue, 28 Jan 2014 18:42:34 +0000
> > > Brian <ad44@cityscape.co.uk <mailto:ad44@cityscape.co.uk>
> <mailto:ad44@cityscape.co.uk <mailto:ad44@cityscape.co.uk>>> wrote:<snipped>
> > >
> > > > The AllowUsers directive is a legitimate way to restrict ssh
> > logins to
> > > > certain users. However, I do not see what (ssh keys +
> AllowUsers)
> > > > brings to the party that (password + AllowUsers) doesn't.
> > >
>It's not your thread.
> Agree but this is not my point in the thread.
Absolutely - which is *exactly* what happens when the OP asks about
> It's bad habit to split a comment into little pieces losing the whole point.
security and discussion devolves into a discussion about SSH. Security
requires a *comprehensive* approach involving risk assessment, risk
management (distribute the risk) and OpSec. Hence my original suggestion
to follow the Debian Security guide which puts SSH into context. Brian
"gets it", you don't appear to.