Date: Thu, 11 Dec 2008 06:40:10 -0500 From: Jerry <gesbbb@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: How to block NIS logins via ssh? Message-ID: <20081211064010.1756fde5@scorpio> In-Reply-To: <200812110911.27184.fbsd.questions@rachie.is-a-geek.net> References: <alpine.BSF.2.00.0812100440400.49382@prime.gushi.org> <20081210191617.GD82227@dan.emsphone.com> <alpine.BSF.2.00.0812110005480.2179@prime.gushi.org> <200812110911.27184.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/QtepkEXWUqm6Uy4qRycDp9A Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, 11 Dec 2008 09:11:26 +0100 Mel <fbsd.questions@rachie.is-a-geek.net> wrote: >On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote: > >> Given, there's several solutions to this: >> >> 1) The Kluge as above. >> >> 2) A pam module to check /etc/group (this is standard login >> behavior, and historically supported, and available on other >> platforms, adding a module, even to ports, is trivial. >> >> 3) A patch to openssh to do /etc/shells checking (I'll note that >> openSSH has the "UseLogin" option, which may also do this. >> >> 4) An option to pam_unix to check this. Differs from #2 in that >> it's a change to an existing module instead of one in ports. > >5) Use AllowGroups/AllowUsers and/or their Deny equivalent in >sshd_config. > >6) Disable password based logins and use keys only. Personally, I have always used 'keys' instead of passwords. Given enough time and resources, any password can be cracked. I really do not understand why so many users insist on using passwords anyway. --=20 Jerry gesbbb@yahoo.com A sadist is a masochist who follows the Golden Rule. --Sig_/QtepkEXWUqm6Uy4qRycDp9A Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAklA/CMACgkQBvaKIJWWCO2g2gCfVPafAu4iw35C5YdniEEEIQu2 WlgAn1uxZM0l1xbc2hywLUd6g3jsdnk4 =3qOT -----END PGP SIGNATURE----- --Sig_/QtepkEXWUqm6Uy4qRycDp9A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081211064010.1756fde5>