-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


In sshd_config (should be /etc/ssh/sshd_config)
edit the following line:
PermitRootLogin  yes
change it to:
PermitRootLogin  no
Keep in mind that you will have to log in as some other user and su to root.

Mike Hoy wrote:
| Hi,
|
| i just set up a new server with FC3. after reading george toft's
| presentation on security i thought it would be a good idea. i had gentoo
| installed and probably it was being hacked all the time, i don't know.
|
| today in my new install of FC3 i was told as root that i 'had new
| messages', in /var/spool/mail/root
| so i checked it out
| somebody has been trying to ssh into my acct with all kinds of usernames
| and apparently with no success.  i'm told this is called ssh hammering
| and i need to setup iptables. I need to get started on tightening up
| security on this thing. My server runs a website and ssh will need to be
| running.
| my question: (i'm sure more to come)
| I was told I can set ssh up so that root can only access ssh from
| 127.0.0.1. how do i go about doing that. also how can i make my personal
| username have access to /whatever/apache/htdocs/* so I don't have to be
| root to edit things.
|
| mike hoy
| ---------------------------------------------------
| PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
| To subscribe, unsubscribe, or to change  you mail settings:
| http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCcOrFGzHR7DxVKWIRAhlIAJ901jvC+jxXa7W7nK8buTZHQW0tOwCcCkfV
EtOmsEyWFccrKCa641cLLtk=
=wurn
-----END PGP SIGNATURE-----
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss