On Sat, Aug 04, 2001 at 12:30:20AM +0200, Tobias wrote:
> Hello!
>
> you can disable password login in sshd and only run ssh with public
> key authentication, just don't forget to put a root owned non-writable
> folder or file called ".ssh" and ".ssh2" in the accounts you do not wish
> people to log in to.
>
Putting a root-owned file in a directory owned by a user is not much help
against a UNIX savvy-user. The user would still be able to rename the
file(s). You could create the .ssh / .ssh2 directories or files (owned by
root), and then use the ``chattr +i <dirname>'' command on each directory
or file to protect it. This is for ext2fs only, but other filesystems may
have equivalent commands.
[FYI, chattr +i sets the immutable flag in the ext2 filesystem, rendering
the file unchangable. chattr -i will remove the flag. Read the man page
for more info.]
Just my $0.02 worth,
--
Eli Boaz ([EMAIL PROTECTED])
GNU/Linux: Free your computer from bad software. http://www.debian.org/
PGP signature
