Re: Securing SSH: Does disabling password authentication work?

To: debian-user@lists.debian.org
Subject: Re: Securing SSH: Does disabling password authentication work?
From: Jon Dowland <lists@alcopop.org>
Date: Mon, 3 Oct 2005 16:54:14 +0100
Message-id: <[🔎] 20051003155414.GI25793@alcopop.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20051003151458.GC17122@fornost.com>
References: <[🔎] 20051003151458.GC17122@fornost.com>

On Mon, Oct 03, 2005 at 10:14:58AM -0500, Steve Block wrote:
> I looked at my logs and found that every one of these attacks used
> password authentication when trying to authenticate to the server.
> This gave me the idea that I could disable password authentication
> while leaving the keyboard-interactive (through pam) and public key
> based systems active.
> 
> Am I right in assuming that the password based scripted login attempts
> will fail even if they somehow (heaven forbid) guess a valid password?
> Is there an easy way to test this? 

Are you still getting a long list of dictionary attack attempts in your
logs?

-- 
Jon Dowland
http://jon.dowland.name/

Reply to:

Follow-Ups:
- Re: Securing SSH: Does disabling password authentication work?
  - From: Steve Block <scblock@ev-15.com>

References:
- Securing SSH: Does disabling password authentication work?
  - From: Steve Block <scblock@ev-15.com>

Prev by Date: Re: compiling gcc
Next by Date: Re: Re: installing D-Link DWL-650 (16-bit) on sid w/ 2.6.12 kernel
Previous by thread: Securing SSH: Does disabling password authentication work?
Next by thread: Re: Securing SSH: Does disabling password authentication work?
Index(es):
- Date
- Thread