Re: shutting down dictionary attacks

Josh Grosse wrote:

> I run OpenBSD 3.7  with OpenSSH 4.1, and found that even with:
>
>         PermitRootLogin no
>         PasswordAuthentication no
>         Protocol 2
>         ChallengeResponseAuthentication no
>
> Using OpenSSH or Putty from test PCs, I couldn't supply a password, but the
> script kiddies were still finding a way to make password attacks.  Obviously,
> their skills are certainly better than mine. 
>
> Searching The Fine Archive, I found 
> http://marc.theaimsgroup.com/?l=secure-shell&m=109755336414758&w=2
>
> which suggests
>
>         PAMAuthenticationViaKbdInt no
>
> as an additional config setting.  It's not applicable to OpenSSH 4.1
> on OpenBSD. But, poking through sshd(8) I found:
>
>         KerberosOrLocalPasswd no
>
> After adding that to my config, it *seems* like my attacks may have 
> been stopped.  At least, they're no longer being logged.
>
> Any thoughts on whether this change will be effective, or if this was just
> serendipitous?
>
>   -Josh Grosse-
>
>  
Apologies about the last reply.
More info on the environment the PCs are in is probably needed.