[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing SSH: Does disabling password authentication work?

On Mon, Oct 03, 2005 at 04:54:14PM +0100, Jon Dowland wrote:
On Mon, Oct 03, 2005 at 10:14:58AM -0500, Steve Block wrote:
I looked at my logs and found that every one of these attacks used
password authentication when trying to authenticate to the server.
This gave me the idea that I could disable password authentication
while leaving the keyboard-interactive (through pam) and public key
based systems active.

Am I right in assuming that the password based scripted login attempts
will fail even if they somehow (heaven forbid) guess a valid password?
Is there an easy way to test this?

Are you still getting a long list of dictionary attack attempts in your

Good question. I looked at the logwatch analysis from before I made the
change and after. Before I made the change the list of failed or illegal
login attempts were reported as one of

faileduser/password from ip.addr.

faileduser/none from ip.addr.

From the logs I've looked at after I changed my SSH configuration, I now
only see the latter, perhaps because the password authentication method
is no longer available.

So does this seem like a viable way to avoid the current generation of
SSH attacks? Of course nothing is bulletproof but am I actually more
secure than before?

Steve Block

Reply to: