F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Reindl Harald
h.reindl at thelounge.net
Fri Jan 9 14:51:17 UTC 2015
On 09.01.2015 at 15:32, Alexander Ploumistos wrote:
> On Fri, Jan 9, 2015 at 4:14 PM, Paul Wouters wrote:
>
> My systems are set up that way, you can't just ssh in from anywhere, you
> can only ssh in from machines that have your private key. If you try
> to log in without a pre-shared key, it won't prompt you for your unix
> password, it will just fail.
>
> If your public key authentication fails, it still prompts you for a
> password but even if you have set a password it will reject it. This is
> to prevent leaking configuration information (eg to avoid telling
> attackers whether or not password based logins are allowed in the
> machine)
>
> I got a little confused here. I also have my server systems set up to
> only use keys. Is it possible to have that along with a "dummy" password
> prompt that always fails? If yes, which directives in sshd configuration
> accomplish that?
you achieve nothing other than cluttered logs from continued dictionary
attacks with such a setup, even if it were possible, and that has the
security implication of burying interesting lines in noise

with a response like the one below a smart zombie would just stop:
[root@rawhide ~]# ssh root@local.rhsoft.net
Permission denied (publickey).
[root@rawhide ~]#
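Added example, not part of the original message or of any project's code: a shell check that reads `sshd -T` style output and reports whether a server is left with only `publickey`, the state behind the `Permission denied (publickey).` response above, and whether root is still reachable by password guessing. It is a simplified model that ignores `AuthenticationMethods` and `Match` blocks; the function names, the order of the printed list and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: `sshd -T` style lines ("keyword value") on stdin.

# Print the authentication methods the settings leave enabled, comma-separated.
offered_auth_methods() {
    awk '
        { key = tolower($1); val = tolower($2) }
        val != "yes" { next }
        key == "pubkeyauthentication"    { m["publickey"] = 1 }
        key == "gssapiauthentication"    { m["gssapi-with-mic"] = 1 }
        key == "hostbasedauthentication" { m["hostbased"] = 1 }
        key == "passwordauthentication"  { m["password"] = 1 }
        # Older releases print challengeresponseauthentication instead.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" {
            m["keyboard-interactive"] = 1
        }
        END {
            n = split("publickey gssapi-with-mic hostbased keyboard-interactive password", order, " ")
            for (i = 1; i <= n; i++)
                if (order[i] in m) out = out (out == "" ? "" : ",") order[i]
            print out
        }'
}

# Succeeds only when publickey is the single method left enabled.
is_key_only() {
    [ "$(offered_auth_methods)" = "publickey" ]
}

# Succeeds when root may log in and a guessable (password-style) method is on.
root_password_exposed() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | awk 'tolower($1) == "permitrootlogin" { print tolower($2) }')
    [ "$root" = "yes" ] || return 1
    case ",$(printf '%s\n' "$cfg" | offered_auth_methods)," in
        *,password,*|*,keyboard-interactive,*) return 0 ;;
    esac
    return 1
}

# Constructed sample inputs (not taken from any real host).
SAMPLE_KEY_ONLY='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin without-password'
SAMPLE_MIXED='pubkeyauthentication yes
passwordauthentication yes
challengeresponseauthentication no
permitrootlogin yes'
```

On a live host, pipe the output of `sshd -T` (run as root) into these functions instead of the samples.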