[plug] Attempted Intrusions
Cameron Patrick
cameron at patrick.wattle.id.au
Wed Oct 20 10:50:28 WST 2004
bob wrote:
> You should set up AllowUsers or AllowGroups, depending on the number of users
> you wish to allow access via ssh to. E.g. AllowUsers alice bert carl daisy
> (do not have root as a valid user, use su etc.)
>
> If possible set PasswordAuthentication to no and only allow
> PubkeyAuthentication as an authentication method (difficult for some users
> to do but worthwhile if possible)
Is it possible to set these restrictions per-account and/or per-IP
address? (Much like Apache's access controls or Squid's ACLs.) It
would be nice to say, e.g. allow password log-ins for some users but
not for others, and allow root log-ins on the internal network but not
the external network.

At work I'm kludging around this by running two instances of sshd, one
locked-down one on a high port which is accessible to the external
world and one on the standard port for the internal network.
Cameron.
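
The two-instance arrangement described in the message above, as an added example that is not part of the original post: it writes one sshd_config per instance and checks that the externally reachable one is actually locked down. The file names, port 2222, the 192.0.2.10 internal address, the user names and the `effective`/`audit_external` helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two sshd instances, as in the post. Paths, port 2222, the
# 192.0.2.10 address and the user names are constructed placeholders.
CONF_DIR=$(mktemp -d)
trap 'rm -rf "$CONF_DIR"' EXIT

# Locked-down instance for the outside world: high port, keys only, no root.
cat > "$CONF_DIR/sshd_config_external" <<'EOF'
Port 2222
PidFile /var/run/sshd_external.pid
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice bert
EOF

# Internal instance: standard port, bound to the internal address only.
cat > "$CONF_DIR/sshd_config_internal" <<'EOF'
Port 22
ListenAddress 192.0.2.10
PidFile /var/run/sshd_internal.pid
PermitRootLogin yes
PasswordAuthentication yes
EOF

# Print the value of the first occurrence of a keyword. Keywords are
# case-insensitive, and for single-valued options sshd keeps the first one.
effective() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 only if the file meets the locked-down policy; list each failure.
# A missing keyword counts as a failure, so nothing relies on sshd defaults.
audit_external() {
    rc=0
    [ "$(effective "$1" PasswordAuthentication)" = "no" ] || { echo "passwords allowed"; rc=1; }
    [ "$(effective "$1" PermitRootLogin)" = "no" ] || { echo "root login allowed"; rc=1; }
    [ -n "$(effective "$1" AllowUsers)" ] || { echo "no AllowUsers list"; rc=1; }
    return $rc
}

audit_external "$CONF_DIR/sshd_config_external" && echo "external: ok"
audit_external "$CONF_DIR/sshd_config_internal" || echo "internal: not for external use"
# Each instance would then be started with: sshd -f <its config file>
```

Separate PidFile settings keep the two daemons from overwriting each other's pid file, and the external port still has to be the only one the perimeter firewall forwards.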