On Thu, 11 Dec 2008 09:11:26 +0100 Mel <[EMAIL PROTECTED]> wrote: >On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote: > >> Given, there's several solutions to this: >> >> 1) The Kluge as above. >> >> 2) A pam module to check /etc/group (this is standard login >> behavior, and historically supported, and available on other >> platforms, adding a module, even to ports, is trivial. >> >> 3) A patch to openssh to do /etc/shells checking (I'll note that >> openSSH has the "UseLogin" option, which may also do this. >> >> 4) An option to pam_unix to check this. Differs from #2 in that >> it's a change to an existing module instead of one in ports. > >5) Use AllowGroups/AllowUsers and/or their Deny equivalent in >sshd_config. > >6) Disable password based logins and use keys only.
Personally, I have always used 'keys' instead of passwords. Given enough time and resources, any password can be cracked. I really do not understand why so many users insist on using passwords anyway. -- Jerry [EMAIL PROTECTED] A sadist is a masochist who follows the Golden Rule.
Description: PGP signature