On 09.01.2015 at 15:32, Alexander Ploumistos wrote:
> On Fri, Jan 9, 2015 at 4:14 PM, Paul Wouters wrote:
>> My systems are set up that way, you can't just ssh in from anywhere, you can only ssh in from machines that have your private key. If you try to log in without a pre-shared key, it won't prompt you for your unix password, it will just fail. If your public key authentication fails, it still prompts you for a password but even if you have set a password it will reject it. This is to prevent leaking configuration information (e.g. to avoid telling attackers whether or not password based logins are allowed in the machine).
>
> I got a little confused here. I also have my server systems set up to only use keys. Is it possible to have that along with a "dummy" password prompt that always fails? If yes, which directives in sshd configuration accomplish that?

you achieve nothing other than cluttered logs from continued dictionary attacks with such a setup, even if it would be possible, and that has the security implication of burying interesting lines in noise

with the response like below a smart zombie would just stop

    [root@rawhide ~]# ssh root@xxxxxxxxxxxxxxxx
    Permission denied (publickey).
    [root@rawhide ~]#

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
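
An added example, not part of the original thread: a shell check over `sshd -T` output (sshd's dump of its effective configuration) that lists which authentication methods are still enabled, so a key-only server answering `Permission denied (publickey).` as in the message above can be confirmed. The function names and both sample inputs are constructed for illustration; the check assumes no `AuthenticationMethods` or `Match` overrides, and keyboard-interactive additionally depends on the PAM setup.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `sshd -T` style lines
# ("keyword value", lowercase keywords) on stdin.
# Real use, as root:  sshd -T | offered_auth_methods

offered_auth_methods() {
    awk '
        BEGIN {
            # sshd -T keyword -> method name as shown to the client
            m["pubkeyauthentication"]            = "publickey"
            m["passwordauthentication"]          = "password"
            m["kbdinteractiveauthentication"]    = "keyboard-interactive"
            m["challengeresponseauthentication"] = "keyboard-interactive"
            m["gssapiauthentication"]            = "gssapi-with-mic"
            m["hostbasedauthentication"]         = "hostbased"
        }
        ($1 in m) && $2 == "yes" { on[m[$1]] = 1 }
        END {
            # Fixed print order chosen for this example
            n = split("publickey password keyboard-interactive gssapi-with-mic hostbased", order, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (order[i] in on) out = out (out == "" ? "" : ",") order[i]
            print out
        }
    '
}

# Succeeds only when publickey is the sole method left enabled.
key_only() {
    [ "$(offered_auth_methods)" = "publickey" ]
}

# Constructed sample: key-only server.
sample_key_only='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
gssapiauthentication no
hostbasedauthentication no'

# Constructed sample: password logins still enabled.
sample_password='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
gssapiauthentication no
hostbasedauthentication no'

printf '%s\n' "$sample_key_only" | offered_auth_methods
printf '%s\n' "$sample_password" | offered_auth_methods
```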