<<On Tue, 6 Oct 2009 15:49:16 -0400, jhell <[email protected]> said:
> Don't forget about making good use of the following configuration > turntables. You can enforce a default policy of deny by just saying that a > user must be in the group of AllowGroups. This does enforce a little bit > more of a administrative overhead but that's for your staff and policy to > decide. Indeed, for a personal server that only I ever log in to, one of the first things that I do is add "AllowUsers wollman" to /usr/local/etc/ssh/sshd_config. That's just a belt-and-suspenders thing, though, to make sure that I don't fat-finger the password file or something. I generally ignore the ssh "invalid user" complaints -- I have a modified version of /etc/periodic/security/800.loginfail that filters them out -- because they're totally irrelevant and have no impact on security. That allows me to pay attention to the (very occasional) password failures on real user accounts. -GAWollman _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
