[TriLUG] Limit ssh access

Jeff Bollinger jeff01 at email.unc.edu
Tue Jan 22 15:50:55 EST 2002


I always like to edit the sshd_config file and remove the "Permit Root 
Login" (you can always 'su' or 'sudo' later) and remove SSH protocol 1 
capability, thereby forcing users to log in via SSH2.

Jeff

Kevin Hunter wrote:

> I'm seeing a lot of conflicting tips on the net on how to limit who
> can ssh into my linux ( RH 7.2 ) box.  Maybe it's my general level of
> inexperience, but there doesn't seem t/b a consensus on this.  I've
> read that I should use tcp_wrapper, and that I cannot use tcp_wrapper
> ( I start sshd through a rc.d script, not from inetd/xinetd ).  I've
> seen reference to use "AllowGroups/AllowUsers" in the sshd_config
> file and I've seen comments that you can't use this w/ any version of
> openssh after 1.2 ( I have openssh 2.9p2-7 ).
> 
> I would greatly appreciate a recommendation from one of the seasoned
> professionals on this list.
> 
> Does tcp_wrapper only work w/ daemons started w/in the inetd/xinetd
> framework, or will it work w/ other tcp services started from
> /etc/rc.d/init.d/ ??
> 
> Thx!!
> 
> KH


-- 
Jeff Bollinger
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu
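
An added example, not part of the original message: a small Python audit of sshd_config text for the settings raised in this thread (root login, protocol 1, and an AllowUsers/AllowGroups allowlist). The fallback values in `ASSUMED_DEFAULTS`, the function names and both sample configs are assumptions constructed for illustration; check the defaults against the man page of the installed OpenSSH version.

```python
# Fallbacks used when a keyword is absent (assumption: an sshd of the thread's
# era that still permits root login and protocol 1 unless told otherwise).
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}

def effective_settings(config_text, defaults=ASSUMED_DEFAULTS):
    """Map lowercased keyword -> value; sshd uses the first value it reads."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)  # keywords ignore case
    for keyword, value in defaults.items():
        settings.setdefault(keyword, value)
    return settings

def audit(config_text):
    """Return (id, message) findings for the three controls in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append(("root-login",
                         "PermitRootLogin is '%s', want 'no'" % s["permitrootlogin"]))
    if {v.strip() for v in s["protocol"].split(",")} != {"2"}:
        findings.append(("protocol-1",
                         "Protocol is '%s', want '2' only" % s["protocol"]))
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append(("no-allowlist",
                         "neither AllowUsers nor AllowGroups is set"))
    return findings

# Constructed sample: the hardening line is commented out, so it has no effect.
WEAK = """#PermitRootLogin no
Protocol 2,1
"""
# Constructed sample: the trailing duplicate is ignored (first value wins).
HARDENED = """protocol 2
PermitRootLogin no
AllowGroups sshusers
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```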
