[CentOS] pop3 attack

Wed Dec 10 00:24:36 UTC 2008
Ned Slider <ned at unixmail.co.uk>

Chris Boyd wrote:
> You can keep compromised accounts from logging in via ssh with the  
> "AllowUsers" option in your /etc/ssh/sshd_config file.  Add that  
> option followed by a list of user names that you want to be able to  
> log in, ex:
> # Only let Fred Guru and Joe Admin in, block anyone
> # else even if they have a valid password.
> AllowUsers fred joe
> And you should also set "PermitRootLogin no" while you are in  
> sshd_config.
> Be sure to do a "service sshd restart" after you change the file, and  
> do a test login _before_ you log out of your current session.  Saves  
> cursing and late night drives to remote servers in case sshd barfs  
> somehow :-)
> --Chris

Nice tip - AllowUsers added to the Wiki page on securing SSH: