Restricting User Access and Security

Default User Access Configuration

The default Linux configuration, as deployed:

  • uses the University LDAP directory for user authentication;
  • is configured to allow any University user with the standard
    LDAP Unix attributes to log in, but only from a nominated IP address (see below for a suggested alternative configuration).

Default IPTables Restrictions on SSH Access

As deployed, SSH access is blocked to all but a small list of IP addresses (and no other services are running which permit login access).

Recommended Configuration

It is strongly recommended that:

  • Access to SSH remains limited to a small list of IP addresses, i.e., to system administrators.
  • SSH user access is limited to a short list of usernames via the SSH AllowUsers feature, as described in Getting Started.
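
One way to check that a host still matches both recommendations, as an added example that is not part of the original page. The function names and the /tmp file paths are hypothetical, and it assumes SSH listens on TCP port 22 and is filtered in the INPUT chain.

```shell
#!/bin/sh
# Added example: checks for the two recommendations above.
# Both parsers read text on stdin, so they work on live or saved output.

# Print each INPUT rule that accepts TCP port 22 from an unrestricted source:
# no -s match at all, or a negated one ("! -s"). Only explicit "--dport 22"
# rules are examined (assumption: SSH is not opened via multiport or a
# catch-all ACCEPT rule).
ssh_open_accepts() {
    awk '/^-A INPUT / && /-j ACCEPT/ && /--dport 22( |$)/ &&
         (!/ -s [^ ]+/ || /! -s /)'
}

# Print the AllowUsers patterns, one per line, from `sshd -T` output
# (lowercase keywords) or from an sshd_config file (mixed case).
sshd_allowed_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }'
}

# audit_ssh RULES_FILE SSHD_FILE: return 0 only if every SSH accept rule is
# source-restricted and AllowUsers lists explicit usernames (no * or ? in the
# user part; a user@host pattern may still restrict the host).
audit_ssh() {
    rc=0
    open=$(ssh_open_accepts < "$1")
    if [ -n "$open" ]; then
        echo "SSH accepted from an unrestricted source:"; echo "$open"; rc=1
    fi
    users=$(sshd_allowed_users < "$2")
    if [ -z "$users" ]; then
        echo "AllowUsers is not set"; rc=1
    elif echo "$users" | sed 's/@.*//' | grep -q '[*?]'; then
        echo "AllowUsers has a wildcard username pattern"; rc=1
    fi
    return $rc
}

# Live use (as root):
#   iptables -S INPUT > /tmp/rules.txt; sshd -T > /tmp/sshd.txt
#   audit_ssh /tmp/rules.txt /tmp/sshd.txt
```

Using `sshd -T` rather than the configuration file reports the effective settings, including anything pulled in from included files.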

Last modified on March 5, 2015 at 10:55 am by Site Admin