Edward Middleton <> writes:
> Godwin Stewart wrote:
>> On Thu, 09 Mar 2006 16:26:25 +0900, "Stephen J. Turnbull"
>> <> wrote:
>>> Mostly I just don't run servers, and firewall most of those that I do
>>> run, except sshd and httpd.  (The U MXes for me so I don't need a
>>> 'net-facing MX.)  I got sick of the ssh password crackers, so now only
>>> my home IP (which is dynamic but only changes with the phases of the
>>> moon, if that often) is allowed in.  I still see them banging on the
>>> door in the TCP logs, of course.
>> Security by obscurity isn't always the best solution but it appears to work
>> here. Run sshd on a non-standard port and have done with it.
> Why not just block passwords and use keys?

How do you do that?

Actually I am trying to secure the sshd daemon on my server, and I
couldn't figure out how to block passwords.

In the man page for sshd_config it is written:

             Specifies whether password authentication is allowed.  The
             default is ``yes''.

But if I set that to "no", I can still log in with my password.

I saw also the "UsePAM" setting, but it seems to control not only
password authentication, but "all authentication types", as the man page

Or am I wrong?
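
Added example, not part of the original message or of OpenSSH: a small checker that reads an sshd_config and lists the authentication methods that can still end in a password prompt. It assumes upstream OpenSSH defaults, ignores Match blocks, and uses the real keyword ChallengeResponseAuthentication (not named in the thread); the function names are hypothetical.

```python
# Added example: audit an sshd_config for paths that still accept a password.
# Defaults are upstream OpenSSH defaults (assumption: distro builds may differ).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
    "pubkeyauthentication": "yes",
}
# Older releases spell keyboard-interactive as ChallengeResponseAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return global settings; as in sshd, the first value seen for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        if keyword == "match":      # conditional blocks are out of scope here
            break
        if keyword in DEFAULTS and len(parts) > 1:
            settings.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **settings}


def password_paths(config_text):
    """List the authentication methods that can still end in a password prompt."""
    s = effective_settings(config_text)
    paths = []
    if s["passwordauthentication"] == "yes":
        paths.append("password")
    # With UsePAM yes, keyboard-interactive is served by PAM, which normally
    # asks for the account password even when PasswordAuthentication is no.
    if s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes":
        paths.append("keyboard-interactive (PAM)")
    return paths


# Constructed sample configs, not taken from the thread.
STILL_OPEN = "PasswordAuthentication no\nUsePAM yes\n"
KEYS_ONLY = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
             "UsePAM yes\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("STILL_OPEN", STILL_OPEN), ("KEYS_ONLY", KEYS_ONLY)):
        print(name, password_paths(text) or "no password path")
```

On a live host, `sshd -T` prints the effective configuration, including anything set in Match blocks that this sketch skips.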


