Re: Securing SSH: Does disabling password authentication work?
On Mon, Oct 03, 2005 at 08:12:32PM +0000, Pollywog wrote:
On 10/03/2005 07:49 pm, Steve Block wrote:
I'm afraid you didn't read at all, did you? Start from the top of the
thread and read again, and you'll see that my question had nothing to do
with port numbers at all. I'm asking if disabling password
authentication while leaving keyboard-interactive/pam and publickey
methods available would pretty much leave the current automated attacks
high and dry since they use password based connection attemps.
Disallowing password logins helps make your machine more secure, as does
allowing only SSH protocol 2.
Of course, but I'm trying to figure out if there is a solid distinction
between "password" and "keyboard-interactive/pam" as it pertains to
these scripts. My users and I can still log in by typing our passwords,
but that occurs as a keyboard-interactive login (as confirmed by turning
verbosity up) rather than a direct password login.
I'm really hoping for insight, I guess.