Re: [SLUG] FiOS and Linux

From: Chris Mathey (slug@mathey.org)
Date: Wed Feb 20 2008 - 17:08:18 EST


Eben King wrote:
> On Wed, 20 Feb 2008, Eben King wrote:
>
>> On Wed, 20 Feb 2008, Dylan William Hardison wrote:
>>
>>> Spake Eben King on Monday, February 18, 2008 at 01:00PM -0500:
>>>> Port 22 works, but I don't use that anymore (too many hack
>>>> attempts).
>>>
>>> A safe workaround for that is to disable passworded/PAM logins.
>>
>> True, but I like to log in remotely. Sometimes (when I'm feeling
>> frisky) I even run X apps over that connection. I put SSH on an
>> unclaimed port (according to /etc/services). No serious hack attempts
>> yet. I guess the skript kiddies' tools look at 22 by their unchanged
>> defaults.
>
> Wait, you're saying to disallow the password feature, but still allow
> logins for those who've created some magic file, yes? How do I create
> that file?
>

echo auth required pam_listfile.so sense=allow item=user file=/etc/ssh/ssh_allow_users onerr=fail >>/etc/pam.d/sshd

then.. create /etc/ssh/ssh_allow_users
put a valid username on each line
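
Added example, not part of the original post: a small Python audit of the result of the two steps above. It checks that the pam_listfile rule is actually reached in the auth stack (a `sufficient` module above an appended rule can end the stack first) and that the allow list holds bare usernames; the function names and sample inputs are constructed for illustration.

```python
import re

# One PAM rule: type, control (plain word or [bracketed]), module, arguments.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_stack(pam_text):
    """Return [(control, module, args)] for the auth rules, in file order."""
    stack = []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if line.startswith("@include "):  # Debian-style include of a whole file
            stack.append(("include", line.split()[1], {}))
        elif m and m.group(1) == "auth":
            args = dict(a.partition("=")[::2] for a in m.group(4).split())
            stack.append((m.group(2), m.group(3), args))
    return stack

def audit(pam_text, allow_text):
    """Return findings as strings; an empty list means nothing was flagged."""
    stack = auth_stack(pam_text)
    pos = next((i for i, r in enumerate(stack) if r[1] == "pam_listfile.so"), None)
    if pos is None:
        return ["no auth pam_listfile.so rule: the allow list is not enforced"]
    control, _, args = stack[pos]
    findings = []
    if control not in ("required", "requisite"):
        findings.append(f"control '{control}' does not deny users missing from the list")
    if (args.get("item"), args.get("sense")) != ("user", "allow"):
        findings.append("rule is not item=user sense=allow")
    if args.get("onerr") == "succeed":
        findings.append("onerr=succeed: an error reading the list lets the login through")
    for ctl, mod, _ in stack[:pos]:
        if ctl == "sufficient":
            findings.append(f"{mod} is 'sufficient' above the rule and can end the stack first")
        elif ctl == "include":
            findings.append(f"{mod} is included above the rule: check it for 'sufficient'")
    # Assumption: entries are compared as whole lines, so stray whitespace breaks a match.
    for n, entry in enumerate(allow_text.splitlines(), 1):
        if entry and entry.split() != [entry]:
            findings.append(f"allow list line {n} has whitespace: {entry!r}")
    return findings

# Constructed sample: the post's rule appended below an existing 'sufficient' module.
SAMPLE_PAM = """auth sufficient pam_unix.so nullok
auth required pam_listfile.so sense=allow item=user file=/etc/ssh/ssh_allow_users onerr=fail
"""
SAMPLE_ALLOW = "alice\nbob \n"  # constructed; note the trailing space after bob
print("\n".join(audit(SAMPLE_PAM, SAMPLE_ALLOW)))
```

sshd runs the PAM auth stack only for password and keyboard-interactive logins, so a rule of type auth is not consulted for public-key logins.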
