Re: Securing SSH: Does disabling password authentication work?

To: Steve Block <scblock@ev-15.com>
Cc: debian-user@lists.debian.org
Subject: Re: Securing SSH: Does disabling password authentication work?
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Mon, 3 Oct 2005 10:47:27 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1051003104355.10206C-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 20051003163045.GD17122@fornost.com>

hi ya steve

On Mon, 3 Oct 2005, Steve Block wrote:

> login attempts were reported as one of
> 
> faileduser/password from ip.addr.
> 
> or 
> 
> faileduser/none from ip.addr.
> 
> >From the logs I've looked at after I changed my SSH configuration, I now
> only see the latter, perhaps because the password authentication method
> is no longer available.

are you saying that you still get ssh log entries ??

<sticking my bloody toe into a hungry shark filled pond>
if so, sshd is still responding to incoming ssh connection on other ports
</toe>

> Of course nothing is bulletproof but am I actually more
> secure than before?

no

... you made no other security changes other than port# which can
trivially be changed to do exactly the same port 22 attacks on other ports

c ya
alvin

Reply to:

Follow-Ups:
- Re: Securing SSH: Does disabling password authentication work?
  - From: Steve Block <scblock@ev-15.com>
- Re: Securing SSH: Does disabling password authentication work?
  - From: Glenn English <ghe@slsware.com>

References:
- Re: Securing SSH: Does disabling password authentication work?
  - From: Steve Block <scblock@ev-15.com>

Prev by Date: changing default document root directory in apache 2
Next by Date: MLB PLAYOFF PACKAGE!
Previous by thread: Re: Securing SSH: Does disabling password authentication work?
Next by thread: Re: Securing SSH: Does disabling password authentication work?
Index(es):
- Date
- Thread