Date: Sun, 26 Mar 2006 11:52:11 -0800 From: Graham North <northg@shaw.ca> To: mark@mkproductions.org, questions freebsd <freebsd-questions@freebsd.org> Subject: Tightening up ssh Message-ID: <4426F0EB.5040109@shaw.ca>
next in thread | raw e-mail | index | archive | help
--=======AVGMAIL-4426F0EB348E======= Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi Mark: You recently wrote: "Users are encouraged to create single-purpose users with ssh keys and very narrowly defined sudo privileges instead of using root for automated tasks." Does this mean that there is a way to run ssh, but only allow certain users to use it. My default seems to have been that if someone has a username and password they can access ssh (except root as "PermitRootLogin no" is the default). The ssh port seems to be the most heavily attacked one on my machine and so I recently took to blocking port 22. My preference would be to enable it to only one user and give them an obscure username and strong password. Root is not currently allowed access by default in the setup. Is this the approach that you alluded to above? Can you point me to some information or provide some tips. Thanks, Graham/ -- Kindness can be infectious - try it. Graham North Vancouver, BC www.soleado.ca --=======AVGMAIL-4426F0EB348E======= Content-Type: text/plain; x-avg=cert; charset=us-ascii Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Content-Description: "AVG certification" No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 3/24/2006 --=======AVGMAIL-4426F0EB348E=======--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4426F0EB.5040109>