Restricting User Access and Security
Default User Access Configuration
The default Linux configuration which is deployed:
- uses the University LDAP directory for user authentication;
- is configured to allow any University user with the standard LDAP Unix attributes to log in, but only from a nominated IP address (see below for a suggested alternative configuration).
Default IPTables Restrictions on SSH Access
As deployed, SSH access is blocked to all but a small list of IP addresses (and no other services are running which permit login access).
Recommended Configuration
It is strongly recommended that:
- Access to SSH remains limited to a small list of IP addresses, i.e., to system administrators.
- SSH user access is limited to a short list of usernames via the SSH AllowUsers feature, as described in Getting Started.
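One way to check a host against both recommendations is sketched below. This is an added example, not part of the deployed configuration or of Getting Started. The function names, usernames and addresses are assumptions made for illustration, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: check saved `sshd -T` and `iptables -S` output against the
# two recommendations. Sample data below is constructed (RFC 5737 addresses).

# Print the AllowUsers entries, one per line; non-zero exit if none is set.
allowed_users() {            # $1 = sshd_config text or `sshd -T` output
  printf '%s\n' "$1" | awk '
    tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Print INPUT rules that ACCEPT tcp/22 with no source, or a negated one.
# Only plain "--dport 22" rules are examined; multiport rules, port-less
# ACCEPT rules and the chain policy still need a manual look.
unrestricted_ssh_rules() {   # $1 = `iptables -S` output
  printf '%s\n' "$1" | awk '
    /^-A INPUT/ && /-j ACCEPT/ && /--dport 22( |$)/ && (!/ -s / || /! -s /)'
}

audit_ssh_lockdown() {       # $1 = sshd text, $2 = iptables text
  local rc=0 users open
  if users=$(allowed_users "$1"); then
    echo "OK   AllowUsers: $(printf '%s' "$users" | tr '\n' ' ')"
  else
    echo "FAIL no AllowUsers directive found"; rc=1
  fi
  open=$(unrestricted_ssh_rules "$2")
  if [ -n "$open" ]; then
    echo "FAIL SSH accepted without a source restriction:"; echo "$open"; rc=1
  else
    echo "OK   every --dport 22 ACCEPT rule names a source address"
  fi
  return "$rc"
}

SAMPLE_SSHD='# constructed excerpt
Port 22
AllowUsers alice bob'
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

audit_ssh_lockdown "$SAMPLE_SSHD" "$SAMPLE_RULES" || true
```

On a live host, pass the output of `sshd -T` and `iptables -S` (both run as root) in place of the sample variables.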