[olug] wrapping sshd on Debian

Jon Larsen relayer at levania.org
Fri Jan 5 15:22:50 UTC 2007


I find the AllowGroups option works well.

If you have admin users already defined in the 'wheel' group (for sudo) or 
a 'sysadm' group, then use:

AllowGroups wheel sysadm

Then you only need to change the group(s) when your admins change.

Jon L.


On Fri, 5 Jan 2007, nealr wrote:

> Date: Fri, 05 Jan 2007 08:42:44 -0600
> From: nealr <neal at lists.rauhauser.net>
> Reply-To: Omaha Linux User Group <olug at olug.org>
> To: Omaha Linux User Group <olug at olug.org>
> Subject: Re: [olug] wrapping sshd on Debian
> 
> Kenton Brede wrote:
> > On 1/4/07, nealr <neal at lists.rauhauser.net> wrote:
> >   
> >>   I installed something a while back using Debian and I put in our usual
> >> /etc/hosts.allow which only permits stuff we own. Tonight I was doing a
> >> little security audit and I find that the box will talk to any ol'
> >> address via ssh. What does one have to do to make sshd honor
> >> /etc/hosts.allow on Debian(Knoppix)??? I suppose this is something
> >> stupid I'll find right after I hit send but for the moment I am
> >> scratching my head.
> >>     
> >
> > A few thoughts:
> >
> > http://www.snailbook.com/faq/libwrap.auto.html
> >
> > You could use a firewall on the local machine.
> >   
> 
>   I have no desire to fiddle with Linux firewalling - I run one 
> application (ssh) and I secure it with tcp wrappers on BSD - can't 
> understand why it's so much more work with Linux, but that does seem to 
> be the Linux configuration pornomantra - longer, harder, and more 
> frequent!!!
> 
>   I really have to recompile sshd to get wrapper support under default 
> Linux installs? That is just sad ...
> 
> > Use the "AllowUsers" or "DenyUsers" in /etc/ssh/sshd_config.
> >   
> 
>    This I was not familiar with and I'm going to go check it out ...
> > hth,
> > Kent
> >
> >   
> 

-- 
Jon H. Larsen  - relayer -at- levania -dot- org
Operations Manager, Omaha Linux Users Group - http://www.olug.org/
AnimeSunday.org - http://www.animesunday.org/
ICQ#: 10412618 - http://www.levania.org/~relayer/
GPG/PGP Pubkey - http://www.levania.org/~relayer/relayerpubkey.txt
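
An added example, not part of the original message: a small audit script that resolves an AllowGroups line into the accounts it admits, counting both supplementary and primary group membership. The function names, sample accounts and file contents are constructed for illustration; it assumes literal group names (no wildcard patterns) and no Match blocks.

```shell
#!/bin/sh
# Added example: which accounts does an AllowGroups line actually admit?
# Assumes literal group names (no wildcard patterns) and no Match blocks.

# usage: ssh_allowed_users SSHD_CONFIG GROUP_FILE PASSWD_FILE
ssh_allowed_users() {
    awk '
    FILENAME == ARGV[1] {            # sshd_config
        sub(/^[ \t]+/, "")
        n = split($0, w, /[ \t]+/)
        if (tolower(w[1]) == "allowgroups")   # keyword is case-insensitive
            for (i = 2; i <= n; i++) if (w[i] != "") allowed[w[i]] = 1
        next
    }
    FILENAME == ARGV[2] {            # group: name:pw:gid:member,member
        split($0, g, ":")
        if (g[1] in allowed) {
            gid_ok[g[3]] = 1         # remember gid for primary-group matches
            m = split(g[4], mem, ",")
            for (i = 1; i <= m; i++) if (mem[i] != "") user[mem[i]] = 1
        }
        next
    }
    {                                # passwd: name:pw:uid:gid:...
        split($0, p, ":")
        if (p[4] in gid_ok) user[p[1]] = 1
    }
    END { for (u in user) print u }
    ' "$1" "$2" "$3" | sort
}

# Constructed sample files (not from the thread) written to directory $1.
make_sample() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        'AllowGroups wheel sysadm' > "$1/sshd_config"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' 'sysadm:x:500:' \
        'users:x:100:dave' > "$1/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:100::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' 'carol:x:1002:500::/home/carol:/bin/sh' \
        'dave:x:1003:100::/home/dave:/bin/sh' > "$1/passwd"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
ssh_allowed_users "$demo_dir/sshd_config" "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real host, point it at /etc/ssh/sshd_config, /etc/group and /etc/passwd and compare the output with the list of people who are supposed to have shell access.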


