Date: Sun, 26 Mar 2006 12:09:50 -0800
From: Graham North
In-reply-to: <1791241722.20060326215910@rulez.sk>
To: Daniel Gerzo
Message-id: <4426F50E.3050801@shaw.ca>
Cc: mark@mkproductions.org, questions freebsd
Subject: Re: Tightening up ssh

Hi Daniel

Thank you! If I read the manpage correctly, invoking AllowUsers
automatically changes the default behaviour and restricts access to only
those users specified. That fits my needs exactly. (or at least my
current perceived needs :--))

Cheers,
Graham

Daniel Gerzo wrote:

>Hi Graham,
>
>Sunday, March 26, 2006, 9:52:11 PM, you wrote about:
>
>>Does this mean that there is a way to run ssh, but only allow
>>certain users to use it. My default seems to have been that if
>>someone has a username and password they can access ssh (except root
>>as "PermitRootLogin no" is the default). The ssh port seems to be
>>the most heavily attacked one on my machine and so I recently took
>>to blocking port 22. My preference would be to enable it to only
>>one user and give them an obscure username and strong password.
>>Root is not currently allowed access by default in the setup.
>
>check the AllowUsers and AllowGroups directive in sshd_config(5)

--
Kindness can be infectious - try it.
Graham North
Vancouver, BC
www.soleado.ca
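The behaviour discussed in this message, as an added example that is not part of the original thread and not OpenSSH's own code: a simplified Python model of how sshd applies DenyUsers, AllowUsers, DenyGroups and AllowGroups in the order documented in sshd_config(5). It shows that AllowUsers turns the default "any account may log in" into an allow-list, and that setting AllowGroups as well means a user has to pass both lists. The function names, account names and sample configurations are constructed for illustration.

```python
from fnmatch import fnmatchcase

LISTS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_lists(config_text):
    """Collect the four access lists from the global part of sshd_config text."""
    lists = {name: [] for name in LISTS}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split keyword/args
        if not parts:
            continue
        keyword = parts[0].lower()                    # keywords are case-insensitive
        if keyword == "match":                        # Match blocks are out of scope here
            break
        if keyword in lists and len(parts) > 1:
            lists[keyword].extend(parts[1].split())   # repeated directives accumulate
    return lists

def _matches(name, patterns):
    # Simplification: glob wildcards only; USER@HOST and '!' negation are not modelled
    return any(fnmatchcase(name, p) for p in patterns)

def login_permitted(lists, user, groups):
    """Return (allowed, reason), checking DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _matches(user, lists["denyusers"]):
        return False, "listed in DenyUsers"
    if lists["allowusers"] and not _matches(user, lists["allowusers"]):
        return False, "not listed in AllowUsers"
    if any(_matches(g, lists["denygroups"]) for g in groups):
        return False, "member of a DenyGroups group"
    if lists["allowgroups"] and not any(_matches(g, lists["allowgroups"]) for g in groups):
        return False, "not in any AllowGroups group"
    return True, "permitted"

# Constructed sample configurations and account names (assumptions for the example)
DEFAULT = "PermitRootLogin no\n"
ONE_USER = DEFAULT + "AllowUsers remoteadmin\n"
BOTH = ONE_USER + "AllowGroups sshusers\n"

def demo():
    rows = []
    for label, cfg in (("default", DEFAULT), ("AllowUsers", ONE_USER), ("both", BOTH)):
        lists = parse_access_lists(cfg)
        for user, groups in (("remoteadmin", ["wheel"]), ("webdev", ["www"])):
            rows.append((label, user) + login_permitted(lists, user, groups))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

On a live system, `sshd -t` checks the edited configuration file for errors before the daemon is restarted.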