Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Password auth turned off in OpenSSH

from [C. Linus Hicks] Network Security [Permanent Link]
Subject: Re: Password auth turned off in OpenSSH
Date: 12 Oct 2004 01:12:24 -0400 
On Mon, 2004-10-11 at 15:59, Daniel Prevett wrote:

Look for an option in the sshd_config file that looks like this:

# Set this to 'yes' to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
PAMAuthenticationViaKbdInt yes

If it's set to yes, that's likely what is happening.  Setting that
option to no should force the users to have to use public key provided
that PasswordAuthentication is also set to no.


I remember reading the discussion of that option in the documentation as
I was researching the problem. However, my config file has that turned
off as well, that is, it is set to 'no'.

Actually, to be more specific, I used to have PasswordAuthentication
turned on. When I noticed the attempted logins recently, I turned it
off. The timestamp on my config file is September 28th, and I
specifically remember sending it a SIGHUP after I made the modification
and ps shows it having been started on September 28th.
PAMAuthenticationViaKbdInt has always been turned off. My log files show
the password attacks as recently as October 4th, when I closed that port
in my firewall pending resolution of this problem.

-- 
C. Linus Hicks <lhicks@nc.rr.com>
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  cross-compilation failing, olivier
Next by Date:  Re: Password auth turned off in OpenSSH, Darren Tucker
Previous by Thread:  Re: Password auth turned off in OpenSSH, Daniel Prevett
Next by Thread:  Re: Password auth turned off in OpenSSH, Darren Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]