2014-01-31 Scott Ferguson <scott.ferguson.debian.u...@gmail.com>: > On 31/01/14 17:56, Raffaele Morelli wrote: > > 2014-01-31 Scott Ferguson <scott.ferguson.debian.u...@gmail.com > > <mailto:scott.ferguson.debian.u...@gmail.com>>: > > > > On 31/01/14 15:29, Raffaele Morelli wrote: > > > > > > > > > > > > 2014-01-30 Brian <a...@cityscape.co.uk > > <mailto:a...@cityscape.co.uk> <mailto:a...@cityscape.co.uk > > <mailto:a...@cityscape.co.uk>>>: > > > > > > On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote: > > > > > > > On Tue, 28 Jan 2014 18:42:34 +0000 > > > > Brian <a...@cityscape.co.uk <mailto:a...@cityscape.co.uk> > > <mailto:a...@cityscape.co.uk <mailto:a...@cityscape.co.uk>>> wrote: > > > > > > > > > The AllowUsers directive is a legitimate way to restrict > ssh > > > logins to > > > > > certain users. However, I do not see what (ssh keys + > > AllowUsers) > > > > > brings to the party that (password + AllowUsers) doesn't. > > > > > <snipped> > > > > Agree but this is not my point in the thread. > > It's not your thread. > > > It's bad habit to split a comment into little pieces losing the whole > point. > > Absolutely - which is *exactly* what happens when the OP asks about > security and discussion devolves into a discussion about SSH. Security > requires a *comprehensive* approach involving risk assessment, risk > management (distribute the risk) and OpSec. Hence my original suggestion > to follow the Debian Security guide which puts SSH into context. Brian > "gets it", you don't appear to.
Security requires knowledge, you made no such discovery. But this is a user list, not a teaching room and if we were to apply the rule: "read on the manual" for everything then this list would not exist. IMHO, when the op it's somewhat misleaded into believe that A security it's not better than B security when the opposite it's true, it's quite clear that someone else missed both point and the context. Regards
