On Mon, Oct 03, 2005 at 08:12:32PM +0000, Pollywog wrote:
On 10/03/2005 07:49 pm, Steve Block wrote:I'm afraid you didn't read at all, did you? Start from the top of the thread and read again, and you'll see that my question had nothing to do with port numbers at all. I'm asking if disabling password authentication while leaving keyboard-interactive/pam and publickey methods available would pretty much leave the current automated attacks high and dry since they use password based connection attemps.Disallowing password logins helps make your machine more secure, as does allowing only SSH protocol 2.
Of course, but I'm trying to figure out if there is a solid distinction between "password" and "keyboard-interactive/pam" as it pertains to these scripts. My users and I can still log in by typing our passwords, but that occurs as a keyboard-interactive login (as confirmed by turning verbosity up) rather than a direct password login. I'm really hoping for insight, I guess. -- Steve Block http://ev-15.com/ http://steveblock.com/ scblock@ev-15.com