Sebastian Posner, Wed Jul 08 2009 23:18:43 GMT+0200 (CEST): > Jim Popovitch wrote: > >> Is there a way to force keys AND passwd verification? > > Normally you'd want to DISABLE PasswordAuthentication and > ChallengeResponseAuthentication - unless you have a special and > well-maintained setup like e.g. One-Time-Pads or such - because both can > potentially be brute-forced way faster than SSH-keys.
Why not using PasswordAuthentication and/or ChallangeResponseAuthetication like opie/otpw/freeauth? I think its better then passwordless ssh keys and strong passwords and fail2ban should help against brute-force. PJ -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org