Billy Kim wrote...
> Is it safe to enable ssh logins on a machine that's
> going to sit on the internet?
> Is it really hackerproof?
It's safer than telnet or rsh, yes.
> Running some tests, I noticed that in order to log
> into a remote machine, even if I don't have any keys,
> it still lets me login with a password.
That session is still encrypted, which is better than telnet
or rsh (no encryption).
> Is it then any safer than just using 'rsh' to login to
> machines?
Yes, it is.
> And when I have no keys or configuration files on my
> local machine and log into a remote machine using
> ssh, is the transmission still encrypted? (Yes, it
> does let me do this).
Yes, it is still encrypted.
> How do I limit logins from only certain IP addresses?
> Do I just use it with tcp-wrappers?
You can use tcp-wrappers, or in the /etc/ssh2/sshd2_config
edit the section towards the bottom - with AllowedHosts
and DenyHosts. Do a 'man sshd2' for the syntax of the arguments
for those configuration options.
If you're using ssh1, the file to edit is /etc/sshd_config.
'man sshd1' should tell you what you want to know there.
# AllowHosts localhost, foobar.com, friendly.org
# DenyHosts evil.org, aol.com
Josh
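
An added example, not part of the original message: a small model of how tcp-wrappers decides whether a client may connect, showing why an allow list needs a matching deny rule. It assumes the daemon is registered as "sshd", handles IPv4 only, supports only a subset of the hosts_access(5) client patterns, and uses constructed rules with documentation-range addresses.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one client pattern (subset of hosts_access(5)) against an IPv4 string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "192.0.2." matches by address prefix
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask form: 198.51.100.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip             # exact address

def rule_matches(line, daemon, ip):
    """True if a 'daemons : clients' line covers this daemon and client."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return False
    daemons, clients = (p.replace(",", " ").split() for p in line.split(":")[:2])
    named = daemon in daemons or "ALL" in daemons
    return named and any(client_matches(c, ip) for c in clients)

def access(hosts_allow, hosts_deny, daemon, ip):
    """tcp-wrappers order: allow file first, then deny file, otherwise grant."""
    if any(rule_matches(l, daemon, ip) for l in hosts_allow.splitlines()):
        return "allow"
    if any(rule_matches(l, daemon, ip) for l in hosts_deny.splitlines()):
        return "deny"
    return "allow"   # no match in either file means access is granted

# Constructed sample files; "sshd" as the daemon name is an assumption.
HOSTS_ALLOW = "sshd: 192.0.2., 198.51.100.0/255.255.255.0   # trusted networks\n"
HOSTS_DENY_EMPTY = ""            # allow list only: everyone else still gets in
HOSTS_DENY_ALL = "sshd: ALL\n"   # allow list plus default deny

if __name__ == "__main__":
    for ip in ("192.0.2.44", "198.51.100.7", "203.0.113.9"):
        print(ip,
              "| empty hosts.deny:", access(HOSTS_ALLOW, HOSTS_DENY_EMPTY, "sshd", ip),
              "| deny ALL:", access(HOSTS_ALLOW, HOSTS_DENY_ALL, "sshd", ip))
```
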