On 09.01.2015 at 15:32, Alexander Ploumistos wrote:
On Fri, Jan 9, 2015 at 4:14 PM, Paul Wouters wrote:

        My systems are set up that way, you can't just ssh in from
        anywhere, you can only ssh in from machines that have your
        private key.  If you try to log in without a pre-shared key,
        it won't prompt you for your unix password, it will just fail.

    If your public key authentication fails, it still prompts you for a
    password but even if you have set a password it will reject it. This is
    to prevent leaking configuration information (e.g. to avoid telling
    attackers whether or not password based logins are allowed in the
    machine).

I got a little confused here. I also have my server systems set up to
only use keys. Is it possible to have that along with a "dummy" password
prompt that always fails? If yes, which directives in sshd configuration
accomplish that?

You achieve nothing other than cluttered logs from continued dictionary attacks with such a setup, even if it were possible, and that has the security implication of burying interesting lines in noise.

With a response like the one below, a smart zombie would just stop:

[root@rawhide ~]# ssh r...@local.rhsoft.net
Permission denied (publickey).
[root@rawhide ~]#
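
The method list in parentheses in that response follows from the server's effective configuration. As an added example (not part of any poster's message), the sketch below derives that list from `sshd -T` style output and flags hosts that would still offer a password-style prompt. The function names and both sample inputs are constructed, and only the three directives shown are considered (no `AuthenticationMethods`, `Match` blocks, GSSAPI or host-based authentication).

```shell
#!/bin/sh
# Added example: read the lowercase "key value" lines that `sshd -T` prints and
# report which of publickey / password / keyboard-interactive the server offers.

advertised_methods() {
    awk '
        { opt[tolower($1)] = tolower($2) }
        END {
            n = 0
            # Anything not explicitly "no" counts as enabled (fail-safe reading).
            if (opt["pubkeyauthentication"] != "no") m[++n] = "publickey"
            if (opt["passwordauthentication"] != "no") m[++n] = "password"
            # Newer releases print kbdinteractiveauthentication, older ones
            # print challengeresponseauthentication for the same switch.
            if ("kbdinteractiveauthentication" in opt)
                kbd = opt["kbdinteractiveauthentication"]
            else
                kbd = opt["challengeresponseauthentication"]
            if (kbd != "no") m[++n] = "keyboard-interactive"
            for (i = 1; i <= n; i++) printf "%s%s", m[i], (i < n ? "," : "\n")
        }
    '
}

# Succeeds only when publickey is the sole method on offer, i.e. a failed
# login ends in "Permission denied (publickey)." with no password prompt.
is_key_only() {
    [ "$(advertised_methods)" = "publickey" ]
}

# Constructed sample: key-only server.
sample_key_only() { cat <<'EOF'
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

# Constructed sample: password logins still enabled, older directive name.
sample_mixed() { cat <<'EOF'
pubkeyauthentication yes
passwordauthentication yes
challengeresponseauthentication no
EOF
}

sample_key_only | advertised_methods   # publickey
sample_mixed | advertised_methods      # publickey,password
```

On a live host the input would come from `sshd -T | advertised_methods`, run as root.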


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
