Re: Securing SSH: Does disabling password authentication work?
hi ya steve
On Mon, 3 Oct 2005, Steve Block wrote:
> login attempts were reported as one of
> faileduser/password from ip.addr.
> faileduser/none from ip.addr.
> >From the logs I've looked at after I changed my SSH configuration, I now
> only see the latter, perhaps because the password authentication method
> is no longer available.
are you saying that you still get ssh log entries ??
<sticking my bloody toe into a hungry shark filled pond>
if so, sshd is still responding to incoming ssh connection on other ports
> Of course nothing is bulletproof but am I actually more
> secure than before?
... you made no other security changes other than port# which can
trivially be changed to do exactly the same port 22 attacks on other ports