[TCLUG] Securing SSH/SCP

[Shawn Fertch]

  I'm running OpenSSH 2.9p1, and would like to figure out a way to do the
following:

1)  Prevent root from logging in directly from an SSH connection.  I'm
assuming this might be possible via the hosts.deny as well as the
hosts.allow?  If I set the securetty, I believe that only prevents telnet
only if console is set.  Or, at least on HP's that's been my experience. 
Preferably, I'd like to have a regular user log in, then su if need be.

2)  I want to run cronjobs that do scp copies to backup remote files on
other servers.  However, I'm not sure how to do this.  Whenever I run
scp, I get prompted for a password.  I'm assuming that by default, my
scripts will run into this issue as well.

Could anyone point me to a place that might have documentation on this? 
I believe that I will also need to upgrade my OpenSSH as there is a
vulnerability in this version.  Unfortunately, I can't seem to connect to
Slack's ftp site.  Anyone have any luck getting there?

Shawn