Re: [tlug] hello from a new / old member

[Evan Monroig <evan.monroig@example.com>]

Edward Middleton <edward@example.com> writes:
> Godwin Stewart wrote:
>> On Thu, 09 Mar 2006 16:26:25 +0900, "Stephen J. Turnbull"
>> <stephen@example.com> wrote:
>>   
>>> Mostly I just don't run servers, and firewall most of those that I do
>>> run, except sshd and httpd.  (The U MXes for me so I don't need a
>>> 'net-facing MX.)  I got sick of the ssh password crackers, so now only
>>> my home IP (which is dynamic but only changes with the phases of the
>>> moon, if that often) is allowed in.  I still see them banging on the
>>> door in the TCP logs, of course.
>>>     
>> Security by obscurity isn't always the best solution but it appears to work
>> here. Run sshd on a non-standard port and have done with it.
>>   
> Why not just block passwords and use keys.

How do you do that?

Actually I am trying to secure the sshd daemon on my server, and I
couldn't figure out how to block passwords.

In the man page for sshd_config it is written:

     PasswordAuthentication
             Specifies whether password authentication is allowed.  The
             default is ``yes''.

But if I set that to "no", I can still login with my password.

I saw also the "UsePAM" setting, but it seems to control not only
password authentication, but "all authentication types", as the man page
says.

Or am I wrong?

Evan

Attachment: pgp00003.pgp
Description: PGP signature