Re: Securing SSH: Does disabling password authentication work?
On Mon, Oct 03, 2005 at 10:14:58AM -0500, Steve Block wrote:
> I looked at my logs and found that every one of these attacks used
> password authentication when trying to authenticate to the server.
> This gave me the idea that I could disable password authentication
> while leaving the keyboard-interactive (through pam) and public key
> based systems active.
>
> Am I right in assuming that the password based scripted login attempts
> will fail even if they somehow (heaven forbid) guess a valid password?
> Is there an easy way to test this?
Are you still getting a long list of dictionary attack attempts in your
logs?
--
Jon Dowland
http://jon.dowland.name/
Reply to: