[lug] Personal Server Behind DSL Router

Ken MacFerrin lists at macferrin.com
Thu Jan 11 22:11:09 MST 2007

David L. Anselmi wrote:
> Ken MacFerrin wrote:
>>>> Are there any best practices or configurations to
>>>> limit brute force attacks on open ports like ssh? 
>>> The only one I've ever needed is to move it off the default port.
>> If you have a small ssh user list then I'm a strong believer in the
>> "AllowUsers" config option as well.
> A small user list period accomplishes the same thing.  But AllowUsers
> isn't a bad thing.

The plus to "AllowUsers" is that it also blocks attempts against all
your system accounts as well (not that they shouldn't already have a
/bin/false shell anyway).

More information about the LUG mailing list