[TriLUG] Limit ssh access
Jeff Bollinger
jeff01 at email.unc.edu
Tue Jan 22 15:50:55 EST 2002
I always like to edit the sshd_config file and remove the "Permit Root
Login" (you can always 'su' or 'sudo' later) and remove SSH protocol 1
capability, thereby forcing users to log in via SSH2.
Jeff
Kevin Hunter wrote:
> I'm seeing a lot of conflicting tips on the net on how to limit who
> can ssh into my linux ( RH 7.2 ) box. Maybe it's my general level of
> inexperience, but there doesn't seem t/b a consensus on this. I've
> read that I should use tcp_wrapper, and that I cannot use tcp_wrapper
> ( I start sshd through a rc.d script, not from inetd/xinetd ). I've
> seen reference to use "AllowGroups/AllowUsers" in the sshd_config
> file and I've seen comments that you can't use this w/ any version of
> openssh after 1.2 ( I have openssh 2.9p2-7 ).
>
> I would greatly appreciate a recommendation from one of the seasoned
> professionals on this list.
>
> Does tcp_wrapper only work w/ daemons started w/in the inetd/xinetd
> framework, or will it work w/ other tcp services started from
> /etc/rc.d/init.d/ ??
>
> Thx!!
>
> KH
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
>
--
Jeff Bollinger
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu
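
An added example, not part of either message in this thread: a small Python check that reads an sshd_config the way sshd does (keywords are case-insensitive, the first value seen for a keyword wins) and reports the settings discussed above. The sample configs and the user name "kh" are constructed, only the global section is considered (no Match blocks), and a missing Protocol line is reported because that matters on SSH1-capable releases such as the 2.9p2 mentioned in the question.

```python
import re

# Constructed samples (not from the thread). Keywords are case-insensitive.
WEAK = """\
# defaults left in place
Port 22
Protocol 2,1
PermitRootLogin yes
"""
HARDENED = """\
Port 22
Protocol 2
PermitRootLogin no
# a later duplicate is ignored: sshd keeps the first value it reads
permitrootlogin yes
AllowUsers kh
"""

def effective_settings(text):
    """Map lowercased keyword -> argument string; the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def audit(text):
    """Return findings for the settings discussed in this thread."""
    cfg = effective_settings(text)
    findings = []
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    protocols = {p.strip() for p in cfg.get("protocol", "").split(",")}
    if protocols != {"2"}:
        findings.append("Protocol is not restricted to 2")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```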