Re: Securing SSH: Does disabling password authentication work?

On Mon, Oct 03, 2005 at 10:47:27AM -0700, Alvin Oga wrote:

hi ya steve

On Mon, 3 Oct 2005, Steve Block wrote:

login attempts were reported as one of

faileduser/password from ip.addr.

faileduser/none from ip.addr.

From the logs I've looked at after I changed my SSH configuration, I now
only see the latter, perhaps because the password authentication method
is no longer available.

are you saying that you still get ssh log entries ??

<sticking my bloody toe into a hungry shark filled pond>
if so, sshd is still responding to incoming ssh connection on other ports

Of course nothing is bulletproof but am I actually more
secure than before?


... you made no other security changes other than port# which can
trivially be changed to do exactly the same port 22 attacks on other ports

I'm afraid you didn't read at all, did you? Start from the top of the
thread and read again, and you'll see that my question had nothing to do
with port numbers at all. I'm asking if disabling password
authentication while leaving keyboard-interactive/pam and publickey
methods available would pretty much leave the current automated attacks
high and dry since they use password-based connection attempts.

Steve Block
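
An added example, not part of the original message: a Python check of which authentication methods an sshd_config leaves enabled in the setup asked about above (password off, keyboard-interactive/PAM and publickey on). The sample config is constructed, the function names are hypothetical, and the defaults are assumed to be upstream OpenSSH's; distributions may ship different ones.

```python
# Added example: which sshd authentication methods does a config leave on?
# DEFAULTS are assumed upstream OpenSSH defaults; distributions may differ.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "usepam": "no",
}
# Newer OpenSSH releases name the keyboard-interactive switch differently.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

# Constructed sample: the configuration described in the thread.
SAMPLE = """\
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
PubkeyAuthentication yes
"""


def effective_settings(config_text):
    """Parse the global section of sshd_config; the first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break  # per-user/host Match overrides are not evaluated here
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen:
            seen[key] = value
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Return (methods enabled in config, whether a password prompt is reachable)."""
    s = effective_settings(config_text)
    names = [("pubkeyauthentication", "publickey"), ("passwordauthentication", "password"),
             ("challengeresponseauthentication", "keyboard-interactive")]
    methods = [label for key, label in names if s[key] == "yes"]
    # keyboard-interactive backed by PAM prompts for whatever the PAM stack
    # asks, which on a typical setup is the account password.
    reachable = "password" in methods or (
        "keyboard-interactive" in methods and s["usepam"] == "yes")
    return methods, reachable
```

For the running daemon, `sshd -T` prints the effective settings, including Match handling that this sketch skips.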

