On Sat, 9 Jun 2001, A.J. Werkman wrote:
> Configuring SSH I was wondering what is the safest way to restrict access
> to my linux box.
>
> Not letting hosts access the box at all is the best answer, I know ;) but
> this is not the answer I am looking for.
>
> If I want sshd only to accept connections from known hosts where do I
> configure that.
>
> I tried to put these hosts in '/etc/ssh_know_hosts' but still other hosts
> not in this file can connect.
>
> Is in this respect sshd safe enough to have the service port made
> accessible from the internet and grant only access let's say on a per person
> basis??
>
> Thanks in advance, Koos.
>

One way to safeguard things is to set PasswordAuthentication to NO, and limit connections to PubkeyAuthentication. That way, only users with their public key in $HOME/.ssh/authorized_keys can connect.
What you are really looking for is the equivalent of the StrictHostKeyChecking for sshd. This uses the /etc/ssh/ssh_known_hosts file, the $HOME/.ssh/known_hosts file, and the $HOME/.ssh/known_hosts2 file when making connections to other machines to make sure you are really talking to the correct machine.
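
A small checker for the key-only setup suggested in the reply, added here as an example and not part of the original message. It assumes OpenSSH's sshd_config rules (the first value read for a keyword wins, Match blocks override global settings, both keywords default to yes); the function names and sample configurations are constructed.

```python
import re

# OpenSSH defaults when a keyword is absent or only present as a comment.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def parse(config_text):
    """Return (global_settings, match_blocks) from sshd_config text."""
    global_settings, match_blocks, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments set nothing
        m = re.match(r"(\w+)[ \t]*=?[ \t]*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":                # a Match block runs to the next Match or EOF
            current = {"criteria": value, "settings": {}}
            match_blocks.append(current)
            continue
        target = global_settings if current is None else current["settings"]
        target.setdefault(key, value)     # sshd keeps the first value it reads
    return global_settings, match_blocks

def audit(config_text):
    """List the ways this config still allows password logins."""
    findings = []
    g, blocks = parse(config_text)
    eff = {k: g.get(k, d).lower() for k, d in DEFAULTS.items()}
    if eff["passwordauthentication"] != "no":
        findings.append("global: PasswordAuthentication is not 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: PubkeyAuthentication is not 'yes'")
    for b in blocks:
        if b["settings"].get("passwordauthentication", "no").lower() != "no":
            findings.append(f"Match {b['criteria']}: re-enables PasswordAuthentication")
    return findings

# Constructed samples: a commented-out setting, and a Match block override.
SAMPLE_COMMENTED = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
SAMPLE_MATCH = """PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("commented", SAMPLE_COMMENTED), ("match", SAMPLE_MATCH)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only covers the two keywords discussed in this thread.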