D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Securing SSH

 

William Fidell <william@xxxxxxxxxxxx> writes:

> But in common with other repliers I would not allow root login via ssh. 
>    Or, in fact, allow root to log in using any method.  Using the 
> public key type login is sometimes good, and satisfying to set up in a 
> geeky way.

And a great timesaver as well, especially when using scp, and other 
tools that do similar (some setups of CVS and SVN especially)

> Tying down the ip address from which you can log in from has massive 
> security advantages.  That is until you have to log in from another ip 
> address, for in the case of a emergency, then you are shafted.

Nah, then you bounce through another authorised system that is set up 
differently[1], we have to do it all the time at work.

[1] In our case, through my home box, which has logins disabled, and
one non-root user account.

-- 
James                                   jamesk[at]homeric[dot]co[dot]uk

Spin: encrypt the data holds, batton down thar security patches, 
argh thar be spyware abound. - from bash.org

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html