[H-GEN] iptables autoblocking
David O'Brien
dob12460 at bigpond.net.au
Thu Jul 21 23:44:29 EDT 2005
On Thursday 21 July 2005 07:44, Troy Piggins wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
>
[snip]
>
> > I would really like to be able to automatically block
> > such attacks. I have thought about limiting ssh to
> > certain ip addresses but would prefer to leave it open
> > so I can login from anywhere.
> >
> > Any suggestions would be apreciated.
>
> Firstly, and you hopefully have done this already, is to not permit
> root to login.
>
> Secondly, if it's only you or a couple of user's that use ssh,
> restrict the allowed users to just those few usernames.
>
> /etc/ssh/sshd_config:
> PermitRootLogin no
> AllowUsers anthony
I use root to ssh into my linux box at home to do a port redirect so I can use
xchat/IRC from the office. If I were to change PermitRootLogin to no, will
that stop that? Sounds like it. It's the only way I can use IRC from the
office. I need to do it as root because a "normal" user can't do port
redirects.
cheers
David
--
The need to be right all the time is the biggest bar to new ideas.
Edward de Bono
More information about the General
mailing list