On Tue 28 Jan 2014 at 15:31:25 +0100, Raffaele Morelli wrote: > 2014-01-28 Joe <j...@jretrading.com> > > > And so was Raffaele's reply. If you will be using ssh from outside, set > > up keys and disable the use of passwords. Use a good password or phrase > > on the private key, and keep it on a USB stick away from the laptop. > > Laptops are easy to lose. If you need to use Windows, then make the > > keys in puTTY, because as far as I know, puTTY still can't use OpenSSH > > private keys but can make public ones. > > > > Also AllowUsers directive in sshd_config should be set because If a user is > not listed in there, login attempts stop suddenly at [preauth] level and > you can use the form user@domain to futher restrict access.
The AllowUsers directive is a legitimate way to restrict ssh logins to certain users. However, I do not see what (ssh keys + AllowUsers) brings to the party that (password + AllowUsers) doesn't. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140128184234.gl3...@copernicus.demon.co.uk
