G T Smith wrote:
Dominique Leuenberger wrote:
On 11/28/2008 at 1:47 PM, G T Smith <grahamsmith@gandalfsemporium.homelinux.com> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Bob Williams wrote:
On Thursday 27 November 2008 15:03:29 David C. Rankin wrote:
James Knott wrote: To turn off password checking, which of the following do I need to modify in sshd.config?
I am not sure this is a good idea. Just because you have moved the default port to a different value does *not* mean you should disable authentication. A more sophisticated scan is quite likely to identify
I rather assume the user wanted to disabled password authentication in favor of keybased authentication. If you read the thread in context, this is at least what the story suggests.
I have this setup on my server and would not be afraid of it's security.. or not more as with pw auth. Having keypair auth and no pass sounds pretty good practice to me.
Dominique
In earlier mail in the thread David stated something about needing just needing to turn password authentication off. However, this could be interpreted by some as all that was needed to be done (with the port change).
The issue of setting up of the keypair is not mentioned, both host and client need this in place before you can start making these kind of changes to the sshd.config file. Disabling password authentication without these being in place could be kind of risky, and it is not something to attempt unless one is absolutely clear about what one was doing (and why). I was putting up the "Here be Monsters and Dragons" warning notice.
I would agree, that if you have a regular need for ssh access from an external location that this is the preferable authentication mechanism, though a slight case of overkill for a small home network for mainly internal use.
Here's my original comment about not using password:
One thing you can do, to stop dictionary attacks, is use a key, rather than password for access. No amount of password guessing will get through if no passwords are accepted. If he didn't know about the keys, all he had to do was ask.
-- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org