Re: Securing SSH: Does disabling password authentication work?
hi ya steve
On Mon, 3 Oct 2005, Steve Block wrote:
> login attempts were reported as one of
>
> faileduser/password from ip.addr.
>
> or
>
> faileduser/none from ip.addr.
>
> >From the logs I've looked at after I changed my SSH configuration, I now
> only see the latter, perhaps because the password authentication method
> is no longer available.
are you saying that you still get ssh log entries ??
<sticking my bloody toe into a hungry shark filled pond>
if so, sshd is still responding to incoming ssh connection on other ports
</toe>
> Of course nothing is bulletproof but am I actually more
> secure than before?
no
... you made no other security changes other than port# which can
trivially be changed to do exactly the same port 22 attacks on other ports
c ya
alvin
Reply to: