Chris Boyd wrote: > > You can keep compromised accounts from logging in via ssh with the > "AllowUsers" option in your /etc/ssh/sshd_config file. Add that > option followed by a list of user names that you want to be able to > log in, ex: > > # Only let Fred Guru and Joe Admin in, block anyone > # else even if they have a valid password. > AllowUsers fred joe > > And you should also set "PermitRootLogin no" while you are in > sshd_config. > > Be sure to do a "service sshd restart" after you change the file, and > do a test login _before_ you log out of your current session. Saves > cursing and late night drives to remote servers in case sshd barfs > somehow :-) > > --Chris > Nice tip - AllowUsers added to the Wiki page on securing SSH: http://wiki.centos.org/HowTos/Network/SecuringSSH Thanks! Ned