1 |
On Fri, 16 Jan 2009 21:28:07 -0800 |
2 |
Grant <emailgrant@×××××.com> wrote: |
3 |
|
4 |
> Should I do that via an ssh config setting, in shorewall, or somewhere else? |
5 |
|
6 |
I believe the right way would be to add 'account required |
7 |
pam_access.so' line to /etc/pam.d/system-auth and define login |
8 |
restrictions in /etc/securety/access.conf (it's also quite well |
9 |
documented). |
10 |
|
11 |
That way you'll block ssh/ftp/mail etc logins for that account, which |
12 |
should also be prone to brutforce attacks because of weak password. |
13 |
|
14 |
The catch is, of course, that you should have pam on your system ;) |
15 |
|
16 |
-- |
17 |
Mike Kazantsev // fraggod.net |