On Mon, 2006-01-16 at 09:30 -0600, Kevin K wrote:
On Jan 16, 2006, at 5:19 AM, Tom Brown wrote:
how can i stop root logging into ssh ? I presume there is a setup file somewhere?
thanks
In addition to the suggestion on how to turn off root, you may want to also explicitly allow only certain users.
AllowUsers username
To even tighten it down even more.
You wouldn't believe the number of attempts I get on my DSL line to login.
There is also an AllowGroups option. I add this:
AllowGroups sshusers
Then I create a group called sshusers and add all users who I want to have ssh access to that group.
I also listen on a different port (like 2345) and not on the standard port 22 (at least not from outside the firewall). You can do this if you have an external firewall (to /etc/sshd_config):
Port 22 Port 2345
Then you can forward port 2345 from the firewall into 2345 on this machine ... and inside the firewall still use normal ssh (port 22) but from outside, you would ssh into 2345.
Hardly ever get scan hits now for ssh.