[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing SSH: Does disabling password authentication work?

hi ya steve

On Mon, 3 Oct 2005, Steve Block wrote:

> login attempts were reported as one of
> faileduser/password from ip.addr.
> or 
> faileduser/none from ip.addr.
> >From the logs I've looked at after I changed my SSH configuration, I now
> only see the latter, perhaps because the password authentication method
> is no longer available.

are you saying that you still get ssh log entries ??

<sticking my bloody toe into a hungry shark filled pond>
if so, sshd is still responding to incoming ssh connection on other ports

> Of course nothing is bulletproof but am I actually more
> secure than before?


... you made no other security changes other than port# which can
trivially be changed to do exactly the same port 22 attacks on other ports

c ya

Reply to: