Different network types will have different abilities to enforce this.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Jared Mauch" <ja...@puck.nether.net> To: "Joe Abley" <jab...@hopcount.ca> Cc: nanog@nanog.org Sent: Saturday, December 26, 2015 3:21:03 PM Subject: Re: de-peering for security sake > On Dec 26, 2015, at 11:14 AM, Joe Abley <jab...@hopcount.ca> wrote: > > With respect to ssh scans in particular -- disable all forms of > password authentication and insist upon public key authentication > instead. If the password scan log lines still upset you, stop logging > them. Or if you can’t get users to use keys (aside from remove the users) consider things like: example /etc/ssh/sshd_config Match User root PasswordAuthentication no for users that should not be permitted to fall-back to password authentication. - Jared
