Am 09. Dec, 2004 schwätzte Robert Ambrose so:

> Another $.02:
>
> In addition to other security measures for ssh discussed in this thread:
>
> I disable root logins for sshd.  Set via the following parameter in
> sshd_config: PermitRootLogin no

Yeah, it really annoys me that they continue to leave root logins on by
default.

I also turn on X forwarding :).

> I also disable password authentication for sshd so only users with their
> public key installed can gain access.  This is also controlled via
> sshd_config: PasswordAuthentication no

This I don't do. I would like to move to one time passwords, though.

Here's a quote I from a friend:

<jco-work> Wow since I blocked china at my firewall at home, the number of
+password scans and junk mail has dropped dramaticly

So, maybe just blocking .cn and the other countries June mentioned for ssh
and other authenticated services will help.

Presumably she knows whether or not she'll be in .cn in the next few days,
which gives time to open up the firewall if necessary :).

ciao,

der.hans
-- 
#  https://www.LuftHans.com/    http://www.AZOTO.org/
#  Knowledge is useless unless it's shared. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss