Alexander Wasmuth wrote:
> I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no
> because I wasn't able to prohibit password authentication with PAM
> enabled.

I'm currently not planning on using PAM, but I'll disable it anyway - that way if I do enable PAM in the future, I won't overlook that loophole.

> Restricting the allowed users is probably a good idea, too:
>
> AllowUsers you

Ah, good idea.

> Also I am using iptables to limit the per-ip connection tries in a given
> amount of time: <http://www.debian-administration.org/articles/187>.

Thanks for the link. I haven't read that page in detail, but at first blush it looks like that's a defense against a dictionary attack. If that's the case, wouldn't disallowing password authentication suffice? Or does this also defend against a DoS attack?

--
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management
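
Added example (not part of the original message): a small Python check of an sshd_config for the settings discussed in this thread, including the PAM case where keyboard-interactive authentication can still take passwords after PasswordAuthentication is set to no. The sample configs are constructed, the function names are hypothetical, and the DEFAULTS table is an assumption about an OpenSSH build of that era.

```python
# Added example: audit sshd_config text for the settings discussed in this thread.
# DEFAULTS is an assumption (an OpenSSH build of that era); check sshd_config(5) locally.
DEFAULTS = {
    "protocol": "2,1",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "usepam": "no",
}

def effective(config_text):
    """Global settings as sshd reads them: case-insensitive keywords, first value wins."""
    settings, explicit, allow = dict(DEFAULTS), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Keyword value" or "Keyword=value"
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":        # settings after Match are conditional, not global
            break
        if key == "allowusers":   # AllowUsers lines accumulate
            allow.extend(args)
        elif key in DEFAULTS and key not in explicit and args:
            settings[key] = args[0].lower()
            explicit.add(key)
    settings["allowusers"] = allow
    return settings

def audit(config_text):
    """Return finding labels for the hardening points raised in the thread."""
    s, findings = effective(config_text), []
    if s["protocol"] != "2":
        findings.append("protocol-1-allowed")
    if s["passwordauthentication"] != "no":
        findings.append("password-auth-enabled")
    # With PAM on, keyboard-interactive can still prompt for a password.
    if s["usepam"] == "yes" and s["challengeresponseauthentication"] != "no":
        findings.append("pam-keyboard-interactive-passwords")
    if not s["allowusers"]:
        findings.append("no-allowusers")
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "Protocol 2\npasswordauthentication no\nUsePAM yes\n"
HARDENED = ("Protocol 2\nPasswordAuthentication no\nUsePam no\n"
            "AllowUsers you\n# duplicate below is ignored: first value wins\n"
            "PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for the values this sketch approximates.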