I think your sshd needs to be compiled with -lpam support for this. "Safest" includes all the "usual" measures you would take for securing network access ssh: phrases instead of single words, pubkeys instead of passwords, not allowing root access, firewall only allowing access from known accounts (or ranges, and only if possible), PAM (listfile) only allowing access to known accounts, etc etc.
|