On Mon, 2006-01-16 at 09:30 -0600, Kevin K wrote:
> On Jan 16, 2006, at 5:19 AM, Tom Brown wrote:
>
> > how can I stop root logging into ssh? I presume there is a setup
> > file somewhere?
> >
> > thanks
> >
>
> In addition to the suggestion on how to turn off root, you may want
> to also explicitly allow only certain users.
>
> AllowUsers username
>
> To even tighten it down even more.
>
> You wouldn't believe the number of attempts I get on my DSL line to
> login.

There is also an AllowGroups option. I add this:

AllowGroups sshusers

Then I create a group called sshusers and add all users who I want to
have ssh access to that group.

I also listen on a different port (like 2345) and not on the standard
port 22 (at least not from outside the firewall). You can do this if
you have an external firewall (to /etc/sshd_config):

Port 22
Port 2345

Then you can forward port 2345 from the firewall into 2345 on this
machine ... and inside the firewall still use normal ssh (port 22) but
from outside, you would ssh into 2345. Hardly ever get scan hits now
for ssh.
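A way to check an sshd_config for the three settings discussed in this thread (root login, an AllowUsers/AllowGroups allow-list, an extra listening port), as an added example that is not part of the original messages. The function names `parse_global` and `audit` are hypothetical, the sample config is constructed, and only the global section before the first `Match` line is read.

```python
import re

# Constructed sample mirroring the settings from the thread.
SAMPLE_CONFIG = """\
Port 22
Port 2345
PermitRootLogin no
AllowGroups sshusers
"""

# Keywords that may be given on several lines; their values are collected.
MULTI = {"port", "allowusers", "allowgroups"}

def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are out of scope here
            break
        values = parts[1].split() if len(parts) > 1 else []
        if key in MULTI:
            settings.setdefault(key, []).extend(values)
        else:
            settings.setdefault(key, values)  # first obtained value is used
    return settings

def audit(text):
    """Return findings for the hardening steps mentioned in the thread."""
    s = parse_global(text)
    findings = []
    if (s.get("permitrootlogin") or [""])[0].lower() != "no":
        findings.append("root login is not explicitly disabled")
    if not s.get("allowusers") and not s.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups allow-list")
    ports = s.get("port") or ["22"]  # sshd listens on 22 when Port is absent
    if all(p == "22" for p in ports):
        findings.append("no alternate port configured")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "all three settings present")
```

On a live host, `sshd -T` prints the effective configuration, which also reflects compiled-in defaults that a file parser like this cannot see.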