Posted Feb 15, 2007 12:43 UTC (Thu) by minichaz
In reply to: Linux botnets
Parent article: Linux botnets
I agree with using keys (ideally with passphrases too) but there's no need to allow root logins through SSH, particularly on internet facing servers. Set "PermitRootLogin no" and use "AllowGroups" or "AllowUsers" to prevent attacks against other accounts which should never connect over SSH.
to post comments)