On Mon, Jun 21, 2010 at 10:04 AM, Ted Roche <tedro...@gmail.com> wrote:
>> Apparently attackers are going after "keyboard interactive"
>> authentication, which is separate from "password authentication".
>>
>
> So, even if I have set PasswordAuthentication no in my sshd_config,
> there's still a way to ssh into the server without a key pair? That's
> confusing.

The OpenSSH server has a built-in password prompt/input system, but it can also farm that job out to PAM or other suitable technologies. There are other ways to use a keyboard for authentication than standard Unix passwords, so this isn't just complexity. One-time-passwords and two-factor things like those RSA SecurID tokens both require user input, for example. It's a good idea to explicitly disable any authentication methods you're not using.

-- Ben
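
An added example, not part of the original message: a small Python check for the situation discussed in this thread, where `PasswordAuthentication no` is set but keyboard-interactive authentication is left at its default. The function names and sample configs are constructed for illustration; it assumes upstream OpenSSH defaults and reads only the global section of the file.

```python
# Added example (not from the original message). Defaults below are the
# upstream OpenSSH defaults; distribution packages may ship different ones.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Assumption: current OpenSSH treats this older keyword as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
METHOD_NAMES = {"passwordauthentication": "password",
                "kbdinteractiveauthentication": "keyboard-interactive"}


def effective_global(config_text):
    """Return the effective global yes/no value for each keyboard-driven method."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip('"').lower()
        if key == "match":
            break  # conditional Match blocks are outside this example's scope
        key = ALIASES.get(key, key)
        # sshd keeps the first value it reads for a keyword; later lines lose.
        seen.setdefault(key, value)
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def enabled_keyboard_methods(config_text):
    """List the methods that still accept typed input under this config."""
    eff = effective_global(config_text)
    return sorted(METHOD_NAMES[k] for k, v in eff.items() if v == "yes")


# Constructed sample: the situation asked about in the thread.
SAMPLE_AS_ASKED = """\
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
"""
# Constructed sample: every unused keyboard-driven method disabled explicitly.
SAMPLE_EXPLICIT = SAMPLE_AS_ASKED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("as asked", SAMPLE_AS_ASKED), ("explicit", SAMPLE_EXPLICIT)):
        print(name, "->", enabled_keyboard_methods(text) or "none")
```

On a live host, `sshd -T` prints the effective settings the daemon would actually apply.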