Nov 07 2008

Adding a bit of security to your server

Published by pj at 9:17 pm under ssh, opensource

If you really need to keep your sshd running on a publicly accessible port and IP, this is a piece of configuration that adds a tiny bit of extra security to your server. By specifying which user groups are allowed to actually use ssh, you are guarding the default (system) accounts (which shouldn’t have easily guessable passwords in the first place!) with an extra layer.

Add a new group:

addgroup sshusers

Add the users which are allowed to connect using ssh:

vigr (and add the users to the group)

Add the following line to /etc/ssh/sshd_config:

AllowGroups sshusers

And restart sshd. Make sure that you have a working ssh session when testing out the changes!
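A pre-flight check for the steps above, as an added example that is not part of the original post: it reads an sshd_config, passwd and group file and reports whether a given user would still pass the AllowGroups check, so you can catch a lockout before restarting sshd. It assumes local accounts, plain group names on a global AllowGroups line (no wildcards, no Match blocks), and the function names and sample files are made up for the illustration.

```shell
#!/bin/sh
# Added example: check that a user stays in an AllowGroups group before restarting sshd.
# Assumes plain group names on a global AllowGroups line (no wildcards, no Match blocks).

# Group names taken from every AllowGroups line of the given sshd_config.
allowed_groups() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Groups of a user: primary group (gid in passwd) plus member lists in the group file.
user_groups() {  # args: user passwd_file group_file
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    awk -F: -v u="$1" -v gid="$gid" '
        gid != "" && $3 == gid { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$3"
}

# Exit status 0 if the user passes the AllowGroups check, 1 if sshd would refuse the login.
ssh_group_allows() {  # args: user sshd_config passwd_file group_file
    allowed=$(allowed_groups "$2")
    if [ -z "$allowed" ]; then return 0; fi   # no AllowGroups line: no group restriction
    for g in $(user_groups "$1" "$3" "$4"); do
        for a in $allowed; do
            if [ "$g" = "$a" ]; then return 0; fi
        done
    done
    return 1
}

# Constructed sample files standing in for /etc/passwd, /etc/group and sshd_config.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
    'bob:x:1001:1001::/home/bob:/bin/sh' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'alice:x:1000:' 'bob:x:1001:' 'sshusers:x:1002:alice' > "$demo/group"
printf '%s\n' '#AllowGroups wheel' 'Port 22' 'AllowGroups sshusers' > "$demo/sshd_config"

for u in root alice bob; do
    if ssh_group_allows "$u" "$demo/sshd_config" "$demo/passwd" "$demo/group"; then
        echo "$u: allowed by AllowGroups"
    else
        echo "$u: would be refused"
    fi
done
```

To check the real system, pass /etc/ssh/sshd_config, /etc/passwd and /etc/group and the account you log in with.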
