tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: shutting out dictionary attacks on ssh passwords



On Mon, Jun 27, 2011 at 04:55:12PM -0400, Steven Bellovin wrote:
> 
> On Jun 27, 2011, at 4:49 50PM, Thor Lancelot Simon wrote:
> 
> > On Mon, Jun 27, 2011 at 04:48:23PM -0400, Jan Schaumann wrote:
> >> "Erik E. Fair" <fair%netbsd.org@localhost> wrote:
> >>> For those of us with public IP addresses, what is the most popular
> >>> and effective way to shut out the various door-knob turners who
> >>> keep trying account/password combinations again ssh and other such
> >>> services?
> > 
> > Turning off PasswordAuthentication works well.
> 
> You have to turn off PAM for sshd as well...

If the bots know how to do ChallengeResponseAuthentication by now,
then yes, you do.

Thor


Home | Main Index | Thread Index | Old Index