Re: openssh concerns

看板FB_security作者時間16年前 (2009/10/07 06:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串4/5 (看更多)
<<On Tue, 6 Oct 2009 15:49:16 -0400, jhell <jhell@DataIX.net> said: > Don't forget about making good use of the following configuration > turntables. You can enforce a default policy of deny by just saying that a > user must be in the group of AllowGroups. This does enforce a little bit > more of a administrative overhead but that's for your staff and policy to > decide. Indeed, for a personal server that only I ever log in to, one of the first things that I do is add "AllowUsers wollman" to /usr/local/etc/ssh/sshd_config. That's just a belt-and-suspenders thing, though, to make sure that I don't fat-finger the password file or something. I generally ignore the ssh "invalid user" complaints -- I have a modified version of /etc/periodic/security/800.loginfail that filters them out -- because they're totally irrelevant and have no impact on security. That allows me to pay attention to the (very occasional) password failures on real user accounts. -GAWollman _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 wollman. 的文章
文章代碼(AID): #1AoxuVB2 (FB_security)
更多 wollman. 的文章
文章代碼(AID): #1AoxuVB2 (FB_security)