On Tue, 6 Oct 2009 11:06 +0200, des@ wrote:
"Peter" <[email protected]> writes:
Or combine that with portknocking - Only open port 22 after X number of
attempts to connect on port 1234:
> As has already been explained, that's no good if you need to ssh in
from
behind a corporate firewall that blocks everything except 20, 22, 80 and
443.
DES
Don't forget about making good use of the following configuration
turntables. You can enforce a default policy of deny by just saying that a
user must be in the group of AllowGroups. This does enforce a little bit
more of a administrative overhead but that's for your staff and policy to
decide.
AllowGroups
AllowUsers
DenyGroups
DenyUsers
Collect tried user names and don't allow those to be added to your system
as legitimate users is another approach. Configuring pw(8) and adduser(8)
for this will be a good exercise.
--
%{----------------------------------------------------+
| dataix.net!jhell 2048R/89D8547E 2009-09-30 |
| BSD since FreeBSD 4.2 Linux since Slackware 2.1 |
| 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E |
+----------------------------------------------------%}
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
