[FreeNX-kNX] preventing data transfers over SSH, yet still allow NX sessions.
Chris
chris at ccburton.com
Thu Aug 1 14:03:53 UTC 2013
freenx-knx-bounces at kde.org wrote on 01/08/2013 14:14:39:
> Hi,
>
> Maybe I found a better way, at least for my case. I edited
> /etc/ssh/sshd_config with these fields:
>
> PermitRootLogin without-password
Hmm, your choice, but I think root should never log in.
> PasswordAuthentication no
> Match Address 127.0.0.1
> PasswordAuthentication yes
>
> In this way I allow password-authentication only from localhost (so
> from the nx shell), and key-based authentication from the outside.
> I'm providing to the users a very limited Fluxbox-based graphical
> interface and I'm not going to give them access to the local shell.
> In this way they aren't going to be able to copy their ssh keys locally.
I haven't ever bothered moving over to "match address"
(call me overcautious if you wish)
but it certainly saves having two sets of config files and startup
scripts.
If I was you I'd keep any match(es) right at the end of the
sshd_config file.
Watch out for them emailing themselves . . . .
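
The reason for keeping Match blocks at the end of sshd_config, as an added example that is not part of the original message: a Match block runs until the next Match line or the end of the file, so a line meant to be global but placed below it is scoped to the Match. The function names and both sample configs are constructed for illustration; the repeated-keyword check is a heuristic, not something sshd itself reports.

```python
import re

def scopes(config_text):
    """Split sshd_config text into [(scope, [(lineno, keyword, value)])].
    Scope 0 is "global"; each Match line opens a scope that lasts until
    the next Match line or end of file. Indentation has no meaning."""
    result = [("global", [])]
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            result.append(("match " + value, []))
        else:
            result[-1][1].append((lineno, keyword, value))
    return result

def global_value(config_text, keyword):
    """First global value for keyword (sshd uses the first obtained value),
    or None when the global section never sets it and the default applies."""
    for _, kw, value in scopes(config_text)[0][1]:
        if kw == keyword.lower():
            return value
    return None

def misplaced(config_text):
    """Heuristic: a keyword set twice inside one Match scope usually means
    a global line ended up below the Match and was absorbed by it."""
    hits = []
    for scope, entries in scopes(config_text)[1:]:
        seen = set()
        for lineno, kw, _ in entries:
            if kw in seen:
                hits.append((lineno, kw, scope))
            seen.add(kw)
    return hits

# Constructed samples: the layout from the message, then the same lines reordered.
GOOD = ("PermitRootLogin without-password\nPasswordAuthentication no\n"
        "Match Address 127.0.0.1\n    PasswordAuthentication yes\n")
BAD = ("PermitRootLogin without-password\nMatch Address 127.0.0.1\n"
       "    PasswordAuthentication yes\nPasswordAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, global_value(cfg, "PasswordAuthentication"), misplaced(cfg))
```

In the reordered sample the global section never sets PasswordAuthentication, so remote clients fall back to sshd's default for that keyword instead of the intended "no".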