Hosting Provided By

RE: restricting originating IP per user

From: Attica <attica(at)stackheap.org>
Date: Thu Dec 12 2002 - 16:04:02 EST

On Wed, 4 Dec 2002, Kim, Anthony wrote:

> Actually, this works for me (OpenSSH-3.4p1)

This is very cool and I'm now using this. However, while this does restrict which key a user can use for password-less authentication, the password itself can be brute forced right?

For example, let's say I need to have a particular IP scp as root for a nightly backup (BackupPC to be specific). It can't have a passphrase, which is fine, but I do need to make "PermitRootLogin yes" in my sshd_config file. Now can't people try to brute force root's password?

I'm betting there's a way to specify that root cannot log in via password (i.e. only public-key) without affecting mere mortal accounts, but I don't know how to do it offhand...

Attica Received on Fri Dec 13 13:05:58 2002

This message: [ Message body ]
Next message: Dack: "Re: Passwordless ssh, "once and for all"..."
Previous message: s c o t t: "Re: OpenSSH protocol 2 won't use identity file"
In reply to Kim, Anthony: "RE: restricting originating IP per user"
Reply: Kim, Anthony: "RE: restricting originating IP per user"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT

Do you need help?