From: "Kelly D. Grills"
To: freebsd-questions@freebsd.org
Date: Sun, 26 Mar 2006 14:07:34 -0600
Subject: Re: Tightening up ssh

On Sun, Mar 26, 2006 at 11:52:11AM -0800, Graham North wrote:
>
> Does this mean that there is a way to run ssh, but only allow certain users
> to use it?  My default seems to have been that if someone has a username
> and password they can access ssh (except root as "PermitRootLogin no" is
> the default).  The ssh port seems to be the most heavily attacked one on
> my machine and so I recently took to blocking port 22.  My preference
> would be to enable it to only one user and give them an obscure username
> and strong password.  Root is not currently allowed access by default in
> the setup.
>
> Is this the approach that you alluded to above?  Can you point me to some
> information or provide some tips?
> Thanks, Graham/
>

See SSHD_CONFIG(5), specifically the AllowUsers keyword.

-- 
Kelly D. Grills
kdgrills@the-grills.com
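
An added example, not part of the message above: an sshd_config fragment showing the AllowUsers keyword applied to the single-account setup described in the question. The account name `remoteadmin` and the address `192.0.2.10` are placeholders assumed for illustration.

```conf
# /etc/ssh/sshd_config (fragment)
# "remoteadmin" is a placeholder account name; substitute the real one.

# Before: with no AllowUsers line, any account that can authenticate may
# log in over ssh. Root is excluded only because of PermitRootLogin.
PermitRootLogin no

# After: once AllowUsers is present, login is allowed only for user names
# that match one of the listed patterns. Every other account is refused,
# even with a correct password.
# - Patterns are separated by spaces.
# - Only user names are matched; a numeric user ID is not recognized.
AllowUsers remoteadmin

# Variant: the USER@HOST form additionally restricts the account to
# connections from one host. 192.0.2.10 is a documentation address used
# here as a placeholder. Use this line instead of the one above.
#AllowUsers remoteadmin@192.0.2.10
```

Running `sshd -t` after editing checks the file for errors before the daemon is restarted. Keep the existing session open until a fresh login as the allowed account has succeeded.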