Menu
▾
▴
Re: [Sshguard-users] protecting a server with password authentication disabled
|
From: <li...@la...> - 2016-04-17 21:36:00
|
If you use a key, is there any advantage to blocking the port 22 password guessers? That is, sshguard does protect other services. I'm thinking an IP that attacks ssh is likely to attack other services. The hacker/bot doesn't know passwords are not used for ssh. Then if the answer is no, once password logins are not allowed on ssh, should the blocking list be wiped? Original Message From: Kevin Zheng Sent: Sunday, April 17, 2016 2:00 PM To: ssh...@li... Reply To: ssh...@li... Subject: Re: [Sshguard-users] protecting a server with password authentication disabled On 04/17/2016 13:24, Henri Shustak wrote: > I have been looking at ways to use SSH Guard to protect a server > which only accepts key based authentication. I did find a discussion > about enabling protection for pre-auth : > > https://sourceforge.net/p/sshguard/mailman/message/32351603/ SSHGuard recognizes attempts to log into a server that is configured to disallow all but key logins (preauth failures) as attacks. > Basically, I am curious to know if there is a simple option to enable > protection for SSHD which only accept key-based authentication or if > the recommended approach is to dive in and start modifying various > files. You need to modify sshd_config to disallow password logins. Check your operating system vendor's documentation for how to do so. It varies between operating systems, but it generally is either "ChallengeResponseAuthentication No" or "PasswordAuthentication no". Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Sshguard-users mailing list Ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
