On Mon, Oct 03, 2005 at 10:14:58AM -0500, Steve Block wrote: > I looked at my logs and found that every one of these attacks used > password authentication when trying to authenticate to the server. > This gave me the idea that I could disable password authentication > while leaving the keyboard-interactive (through pam) and public key > based systems active. > > Am I right in assuming that the password based scripted login attempts > will fail even if they somehow (heaven forbid) guess a valid password? > Is there an easy way to test this?
Are you still getting a long list of dictionary attack attempts in your logs? -- Jon Dowland http://jon.dowland.name/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
