-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
I have a Debian box on my home network (currently running Sarge, and when I have two seconds to rub together I'll upgrade to Etch). I want to be able to ssh into the machine from outside the home network, e.g. if I'm at a coffee shop with a WAP. Using sftp is also desirable. Now, obviously I want to make it as difficult as possible for unauthorized people to get access to the machine. Now, if I've done my background reading thoroughly enough, then I want to force private key authentication, disable root login, and disable password authentication. I've set the following options in my sshd_config (these aren't all the options, just the ones that appear to me to be relevant to my question): PermitRootLogin no RSAAuthentication no PubkeyAuthentication yes IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no PasswordAuthentication no UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server Oh, and when this is all OK, I'll set up port forwarding on my firewall to send port 22 to the machine in question. Anything I've overlooked? TIA! - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFF32UkLdDyDwyJw+MRArpWAJ9WaDJTipaRSVFakKldOl+uRK/OfACgpDPN zOjlVV09eiXfcr4737BGp3I= =YD5w -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
