From owner-freebsd-questions@FreeBSD.ORG Sun Mar 26 19:59:18 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DA69916A400
	for ; Sun, 26 Mar 2006 19:59:18 +0000 (UTC)
	(envelope-from danger@rulez.sk)
Received: from virtual.micronet.sk (smtp.micronet.sk [84.16.32.237])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6879D43D49
	for ; Sun, 26 Mar 2006 19:59:17 +0000 (GMT)
	(envelope-from danger@rulez.sk)
Received: from localhost (localhost [127.0.0.1])
	by virtual.micronet.sk (Postfix) with ESMTP id 4BCA410E514;
	Sun, 26 Mar 2006 22:00:35 +0200 (CEST)
Received: from virtual.micronet.sk ([127.0.0.1])
	by localhost (virtual.micronet.sk [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 79973-08; Sun, 26 Mar 2006 22:00:34 +0200 (CEST)
Received: from danger.mcrn.sk (danger.mcrn.sk [84.16.37.254])
	by virtual.micronet.sk (Postfix) with ESMTP id 0299D10E5C5;
	Sun, 26 Mar 2006 22:00:32 +0200 (CEST)
Date: Sun, 26 Mar 2006 21:59:10 +0200
From: Daniel Gerzo
X-Mailer: The Bat! (v3.62.14) Professional
X-Priority: 3 (Normal)
Message-ID: <1791241722.20060326215910@rulez.sk>
To: Graham North
In-Reply-To: <4426F0EB.5040109@shaw.ca>
References: <4426F0EB.5040109@shaw.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at virtual.micronet.sk
Cc: mark@mkproductions.org, questions freebsd
Subject: Re: Tightening up ssh
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Daniel Gerzo
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 26 Mar 2006 19:59:18 -0000

Hi Graham,

Sunday, March 26, 2006, 9:52:11 PM, you wrote about:

> Does this mean that there is a way to run ssh, but only allow
> certain users to use it. My default seems to have been that if
> someone has a username and password they can access ssh (except root
> as "PermitRootLogin no" is the default). The ssh port seems to be
> the most heavily attacked one on my machine and so I recently took
> to blocking port 22. My preference would be to enable it to only
> one user and give them an obscure username and strong password.
> Root is not currently allowed access by default in the setup.

check the AllowUsers and AllowGroups directive in sshd_config(5)

-- 
Best Regards,
  DanGer, ICQ: 261701668  | e-mail protecting at: http://www.2pu.net/
  http://danger.rulez.sk  | proxy list at: http://www.proxy-web.com/
                          | FreeBSD - The Power to Serve!

[ "Garrick Utley in Allie Sheedy's Frankenstein..." Tom Servo ]
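
An added example, not part of the original message: a small evaluator for the access directives named in the reply, following the order sshd_config(5) documents (DenyUsers, AllowUsers, DenyGroups, AllowGroups), to show which accounts a given config would admit. The account name `gn_k7q2`, the group names and the sample config are constructed, and pattern handling is simplified to the `*` and `?` wildcards (no `USER@HOST` forms).

```python
import re

# Constructed sample: "gn_k7q2" is a made-up account name, not from the thread.
SAMPLE_CONFIG = """\
# sshd_config fragment
PermitRootLogin no
AllowUsers gn_k7q2
"""

# sshd evaluates the four directives in this fixed order.
ORDER = ("denyusers", "allowusers", "denygroups", "allowgroups")


def parse(config_text):
    """Collect patterns per directive; keywords are case-insensitive and
    repeated lines accumulate."""
    rules = {key: [] for key in ORDER}
    for line in config_text.splitlines():
        words = line.strip().split()
        if words and not words[0].startswith("#") and words[0].lower() in rules:
            rules[words[0].lower()].extend(words[1:])
    return rules


def matches(name, patterns):
    """True if name matches any pattern ('*' and '?' wildcards only)."""
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, name):
            return True
    return False


def may_login(user, groups, rules):
    """Return (allowed, deciding_directive) for one account."""
    if matches(user, rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not matches(user, rules["allowusers"]):
        return False, "AllowUsers"
    if any(matches(g, rules["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if rules["allowgroups"] and not any(matches(g, rules["allowgroups"]) for g in groups):
        return False, "AllowGroups"
    return True, "none"


if __name__ == "__main__":
    rules = parse(SAMPLE_CONFIG)
    for user, groups in [("gn_k7q2", ["gn_k7q2"]), ("graham", ["wheel"]), ("root", ["wheel"])]:
        print(user, may_login(user, groups, rules))
```

When both AllowUsers and AllowGroups are set, an account has to pass both checks. After editing the real file, `sshd -t` checks it for errors before the daemon is restarted.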