If only you require SSH access to the server, deny all access via hosts.deny to ssh (sshd: ALL) then add your host to the hosts.allow file (sshd: your.host) - this is how i have my raq3 setup, deny all access to sshd and ftp to everyone, then just add the hosts of users who require shell access
-John ----- Original Message ----- From: "David Garcia Watkins" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 9:53 AM Subject: Re: [cobalt-security] sshd security tweaking > Hi, > > Lines in the config file are commented, because they are the default values > for each option. If you want to change a value, uncomment it, and change it. > > Changing the port could fool some port scanners, not all. But its still a > good addition to your security measures. > > Protocal actually spells Protocol, maybe this is your problem? > > and, yes, its a good idea to disable SSH1. > > David Garcia Watkins > [EMAIL PROTECTED] > > ----- Original Message ----- > > Since I, as server admin, am the only person needing shell access, I was > thinking of changing the port to which sshd listens to something more > obscure, rather than the default 22. Does this help? > > > > Would it be done in the /etc/ssh/sshd_config file? It seems that every > line in that file is commented out in the version of ssh I downloaded from > http://pkgmaster.com/. > > > > I have uncommented the line to stop direct root login myself. I also > uncommented the line listing just Protocal 2, but that caused an error when > I tried logging in. Should I still attempt to turn off acceptance of SSH1 > as well? > > > > Is this all done in the same config file? > > > > Thanks for advice! > > Rod. > > > > > > -- > > > > _______________________________________________ > > Sign-up for your own FREE Personalized E-mail at Mail.com > > http://www.mail.com/?sr=signup > > > > > > > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
