No, it would make it more secure. It's almost impossible to bruteforce a public key, and that is the only authentication method enabled.
I would do it, but sometimes I have to ssh-in from other computers than my own, so public key authentication only would not be desired. I always have my phone, so Google Auth works fine. On Jul 9, 2015 8:08 AM, "Jake Anderson" <justmainfra...@gmail.com> wrote: > Hi Philippe > > Disabling the two features won't be a security vulnerability? > > Jake > > On Thursday 9 July 2015, Philipp Kern <pk...@debian.org> wrote: > > > On Wed, Jul 08, 2015 at 03:45:01PM -0300, Mauro Souza wrote: > > > I have a VPS that got a continuous stream of ssh login attempts, so I > set > > > up fail2ban on it. After that, I changed SSH port from 22 to a random > > one. > > > And installed portsentry. And configured PAM to use Google > Authentication > > > for SSH. > > > > > > Doing this, the failed logins went to zero. No more bots crawling > around > > > and bruteforcing my VPS. > > > > It should be enough to turn off PasswordAuthentication and > > ChallengeResponseAuthentication to no in sshd_config and simply use > > public key cryptography to login. > > > > Kind regards > > Philipp Kern > > > > ---------------------------------------------------------------------- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu <javascript:;> with the message: > > INFO LINUX-390 or visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/