> > Failing that, is there any way to setup OpenSSH to
> > permit root logins via eth1, but not via eth0? I don't
>> ListenAddress
> Specifies the local addresses sshd should listen on.
> The follow-
> ing forms may be used:
>> should do it if both interfaces are up and have IP addresses
> assigned each.
Not quite what I want, since I want to be able to SSH in from
both the Internet and the LAN. However, I don't want to allow
root password guessing from the Internet.
But your email did prompt me to look at the sshd_config manpage
again, and I can use "PermitRootLogin without-password" to do
what I want. When this, I can turn off password-based logins
for root, preventing brute force attempts on the root password,
but allow authorized-key-based logins, which will make life
nice on the LAN side.
Later,
Kenn
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
