Posted by: Anonymous
on January 28, 2008 11:29 AM
To add a best practice: I enabled ssh access, but for sftp only. Apart from all the low-hanging fruit described above, I added some more restrictions while still fulfilling my demand. Interactive ssh access is not allowed. I have also set up a chroot jail for the _only_ user allowed to log in via ssh (key authentication only). As I am the only person logging in remotely, I am running the server on some arbitrarily selected port number. This saves the system from automated login attempts from all over the world when it would have been running at port 22.
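
The restrictions listed in the comment above can be expressed with a current OpenSSH server and checked mechanically. The following is an added example, not the commenter's own configuration: it assumes an sshd that supports `internal-sftp`, `ChrootDirectory` and `AuthenticationMethods`, and the user name `sftpuser`, port 22022 and path `/srv/sftp` are placeholders.

```python
# Constructed sample config; "sftpuser", port 22022 and /srv/sftp are placeholders.
SAMPLE = """\
Port 22022
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey
AllowUsers sftpuser
Subsystem sftp internal-sftp

Match User sftpuser
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""
# sshd defaults for the keywords checked below (used when a keyword is absent).
DEFAULTS = {"port": "22", "passwordauthentication": "yes",
            "authenticationmethods": "any", "chrootdirectory": "none"}

def effective(text, user):
    """Settings applied to `user`: the first value wins, and a Match block
    overrides globals. Simplification: only 'Match User <name>' is understood."""
    glob, matched = {}, {}
    target = glob
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, val = parts[0].lower(), (parts + [""])[1].strip()
        if key == "match":
            target = matched if val.split() == ["User", user] else {}
        else:
            target.setdefault(key, val)
    return {**DEFAULTS, **glob, **matched}

def audit(text, user):
    """Return a list of departures from the sftp-only, key-only, chrooted policy."""
    s = effective(text, user)
    want = {"passwordauthentication": "no", "authenticationmethods": "publickey",
            "allowusers": user, "forcecommand": "internal-sftp"}
    problems = [f"{k}: want {v!r}, found {s.get(k)!r}"
                for k, v in want.items() if s.get(k) != v]
    if s["port"] == "22":
        problems.append("port: still the default 22")
    if s["chrootdirectory"] == "none":
        problems.append("chrootdirectory: user is not jailed")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE, "sftpuser") or "policy satisfied")
```

On a live host, `sshd -T -C user=sftpuser` prints the effective settings sshd itself computes, which is the authoritative input for a check like this. sshd also refuses the chroot unless the `ChrootDirectory` path is owned by root and not writable by anyone else.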