| |

Log in / Subscribe / Register

Crying wolf over OpenSSH

Crying wolf over OpenSSH

Posted Jul 20, 2009 14:40 UTC (Mon) by wookey (guest, #5501)
In reply to: Crying wolf over OpenSSH by Baylink
Parent article: Crying wolf over OpenSSH

The thing I find missing for ssh is an easy way to say that only a subset of users on the machine can do remote ssh logins. I have machines with lots of users, but only a few of those need to do remote ssh. And of course those machines are hammered by brute-force attacks all the time, so restricting possible valid logins to the people who know what they are doing and can be relied-upon to have strong passwords would be a huge help.

The normal install is an everyone or nobody affair.

to post comments

Crying wolf over OpenSSH

Posted Jul 20, 2009 14:45 UTC (Mon) by Baylink (guest, #755) [Link] (2 responses)

Well, yeah, but it's pretty trivial to limit it:

http://www.cyberciti.biz/tips/openssh-deny-or-restrict-ac...

Crying wolf over OpenSSH

Posted Jul 20, 2009 21:50 UTC (Mon) by nix (subscriber, #2304) [Link] (1 responses)

Note that in recent versions of OpenSSH you can put these under Match as
well, so different users/groups can be allowed in depending on where they
are connecting from.

Crying wolf over OpenSSH

Posted Jul 21, 2009 3:09 UTC (Tue) by deunan_knute (guest, #290) [Link]

This is a very handy feature that, frustratingly, hasn't made its way into RHEL or CentOS yet.

Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds