On Fri, Jun 5, 2009 at 9:16 AM, MJang <[email protected]> wrote:
> FWIW, I disable root logins for SSH on my /etc/ssh/sshd_config with
>
> PermitRootLogin no
>
An interesting trick that I use to make it so that backup tools like Dirvish remain useful is:

    PermitRootLogin without-password

That (somewhat counter-intuitively) allows root to login w/ a private key, but not a password. So, my automated backup scripts from my backup server can still get in w/ root privs, but no password-based root auth is allowed.

You can also specify particular legal IPs on the allow users line if you want to double-up:

    AllowUsers [email protected]

A couple finer points of SSHD config I didn't learn about nearly soon enough.

I still don't know how to "wildcard" AllowUsers though. So I can say something like "Allow in all valid users, but joe only from a certain IP, and root only from a certain IP" without having to add every user to the line. Should look into that again...

QH
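
Added example (not part of the original message): a simplified Python model of how sshd evaluates AllowUsers USER@HOST patterns, showing why appending a bare * to the line removes the per-address limits on root and joe. The addresses and the alice/bob accounts are constructed, and the model matches HOST against the client address only (real sshd also matches it against the client hostname).

```python
import ipaddress
import re

def _wild(pattern, text):
    """OpenSSH-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, text) is not None

def _host_ok(host_pat, addr):
    """Match the HOST half against the client address (CIDR or wildcard)."""
    if "/" in host_pat:
        net = ipaddress.ip_network(host_pat, strict=False)
        return ipaddress.ip_address(addr) in net
    return _wild(host_pat, addr)

def allowed(allow_users, user, addr):
    """True if any pattern on the AllowUsers line admits this login."""
    for pat in allow_users.split():
        user_pat, sep, host_pat = pat.partition("@")
        if not sep:
            host_pat = "*"  # plain USER pattern: any source address
        if _wild(user_pat, user) and _host_ok(host_pat, addr):
            return True     # one matching pattern is enough
    return False

# Constructed values: 192.0.2.10 stands in for the backup server,
# 198.51.100.7 for any other client.
BACKUP, ELSEWHERE = "192.0.2.10", "198.51.100.7"
PINNED = "root@192.0.2.10 joe@192.0.2.10"
WITH_STAR = PINNED + " *"           # "everyone else" as a bare wildcard
ENUMERATED = PINNED + " alice bob"  # hypothetical other accounts, by name

if __name__ == "__main__":
    cases = [("pinned", PINNED), ("with *", WITH_STAR),
             ("enumerated", ENUMERATED)]
    for name, line in cases:
        for user in ("root", "joe", "alice"):
            print(f"{name:10} {user:5} "
                  f"backup={allowed(line, user, BACKUP)} "
                  f"elsewhere={allowed(line, user, ELSEWHERE)}")
```

Because a single matching pattern admits the login, the "with *" line lets root through the AllowUsers check from any address, while the enumerated line keeps root and joe pinned.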
