Disable ssh access for password-guessing bots
Authored by: zadig on Oct 10, '08 08:23:32AM

Another solution that I've used on my installation is to disable password-based access to SSH, but still allow logins using public/private key authentication.

I did this because I wanted remote access to my system while I was at work, but didn't want the thousands of password attempts I saw every day to have any chance of succeeding.

You can set up key authentication in SSH by following this hint. After that, you can disable password authentication by editing /etc/sshd and setting PasswordAuthentication=no.



Disable ssh access for password-guessing bots
Authored by: zadig on Oct 10, '08 08:32:02AM

Forgot to look at my own /etc/sshd_config file before posting. No equal sign, and there's another setting to change (as the comments in the file warn you anyway). Set these two lines:

PasswordAuthentication no
UsePAM no

Another thing I remembered while I was editing is that Apple sometimes overwrites that file during updates. At least, it must have once because I looked at this file after changing it a long time ago, and saw that my custom settings were gone. So check it after you install any update to make sure your sshd_config is still locked down.



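An added example, not part of the comments above and not Apple's or OpenSSH's own tooling: a shell function for the post-update check described in the previous comment. The function name `check_sshd_config` is hypothetical, and it assumes an unset keyword should count as a failure because the default depends on the build. It also accounts for two parser details: sshd uses the first value it reads for a global keyword, and a `Match` block can re-enable a setting for some users or hosts.

```shell
#!/bin/sh
# Added example. Usage: check_sshd_config /etc/sshd_config
# Exit status 0 if PasswordAuthentication and UsePAM are both "no", else 1.
check_sshd_config() {
    awk '
    BEGIN { want["passwordauthentication"] = 1; want["usepam"] = 1 }
    {
        sub(/#.*/, "")                 # strip comments
        sub(/[ \t]*=[ \t]*/, " ")      # sshd also accepts "Keyword=value"
        if (NF == 0) next
        key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        if (key == "match") { in_match = 1; next }
        if (!(key in want)) next
        if (in_match) {
            # conditional override: flag anything other than "no"
            if (val != "no") { printf "line %d: %s %s inside a Match block\n", NR, $1, $2; bad = 1 }
        } else if (!(key in seen)) {
            # global setting: only the first occurrence takes effect
            seen[key] = val
            if (val != "no") { printf "line %d: %s is %s\n", NR, $1, $2; bad = 1 }
        }
    }
    END {
        for (k in want) if (!(k in seen)) { printf "%s is not set globally\n", k; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a file in which an update restored a permissive value.
sample=$(mktemp)
printf 'PasswordAuthentication yes\nUsePAM no\n' > "$sample"
check_sshd_config "$sample" || echo "sshd_config is not locked down"
rm -f "$sample"
```

Where available, `sshd -T` run as root prints the effective configuration and is a useful cross-check.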
Disable ssh access for password-guessing bots
Authored by: Cobalt Jacket on Oct 12, '08 08:55:37PM

This person is spot-on. Using private-key authentication will instantly negate script kiddies as an issue. And if you're at a foreign computer, you can carry SSH and a private key (perhaps not your main one) around on a USB keyfob.


