> I have 2 questions. One, is there anything you can do to stop these
> attempts, other than not running ssh?

I use a pam_listfile entry in /etc/pam.d/sshd that reads a file (mine is called /etc/sshusers). If the user requested to log in is not in the file, the authentication attempt is rejected.

So, if I had a user named "bob" and someone managed to sniff "bob"'s password during a cleartext protocol authentication session, the user would not be able to log in to the ssh server if "bob" wasn't listed in the file.

You can do the same with groups. The main advantage of using this method over the AllowUsers method is that this file can be updated, and sshd does not have to be restarted to re-read the file.

You also might look into the pam_access module. I've used that on occasion as well.

Hope this helps.

Barry
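
An added example, not part of the message above: a shell check for the pam_listfile allow-list it describes, run against constructed copies of /etc/pam.d/sshd and /etc/sshusers in a scratch directory. It assumes sshd uses PAM (UsePAM yes); the function names are illustrative, and the option names (item, sense, file, onerr) are pam_listfile's own.

```shell
#!/bin/sh
# Added example: audit a pam_listfile allow-list for sshd.
# Paths are arguments so the check can be run on copies of the real files.

# check_listfile PAM_FILE LIST_FILE: return 0 if the setup is sound, 1 otherwise.
check_listfile() {
    pam_file=$1; list_file=$2; rc=0
    # Accept an auth or account line. sshd runs the account stack for every
    # authentication type, the auth stack only for PAM-driven password logins.
    line=$(grep -E '^[[:space:]]*(auth|account)[[:space:]].*pam_listfile\.so' "$pam_file" |
           grep -F "file=$list_file" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL: no pam_listfile line for $list_file in $pam_file"
        return 1
    fi
    case $line in *item=user*) ;; *) echo "FAIL: item=user not set"; rc=1 ;; esac
    case $line in *sense=allow*) ;; *) echo "FAIL: sense=allow not set"; rc=1 ;; esac
    # onerr=succeed lets everyone in when the list cannot be read.
    case $line in *onerr=succeed*) echo "FAIL: onerr=succeed fails open"; rc=1 ;; esac
    # pam_listfile rejects a list that is not a regular file or is world-writable.
    if [ ! -f "$list_file" ]; then
        echo "FAIL: $list_file is not a regular file"; rc=1
    elif [ -n "$(find "$list_file" -prune -perm -0002)" ]; then
        echo "FAIL: $list_file is world-writable"; rc=1
    fi
    return $rc
}

# user_allowed LIST_FILE USER: succeed only on an exact whole-line match.
user_allowed() {
    grep -Fxq -- "$2" "$1"
}

# Constructed sample files in a scratch directory (not the live /etc files).
demo() {
    d=$(mktemp -d) || return 1
    printf 'alice\n' > "$d/sshusers"; chmod 600 "$d/sshusers"
    printf 'auth required pam_listfile.so item=user sense=allow file=%s onerr=fail\n' \
        "$d/sshusers" > "$d/sshd"
    check_listfile "$d/sshd" "$d/sshusers" && echo "setup OK"
    user_allowed "$d/sshusers" alice && echo "alice: allowed"
    user_allowed "$d/sshusers" bob || echo "bob: rejected"
    rm -rf "$d"
}
demo
```

For the group variant mentioned in the message, pam_listfile takes item=group with a file of group names.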