[mythtv-users] ssh attack
Alex Malinovich
demonbane at the-love-shack.net
Sat Dec 31 19:55:54 EST 2005
On Thu, 2005-12-29 at 23:02 -0600, Robert Kulagowski wrote:
--snip--
> 4) Edit /etc/pam.d/ssh and look for the line:
> # Standard Un*x authentication.
> @include common-auth
>
> Put a "#" infront of @include common-auth so that it's:
> #@include common-auth
>
> This will restrict ssh from looking at /etc/passwd and /etc/shadow
I prefer editing /etc/ssh/sshd_config instead and setting
PasswordAuthentication to no. This ensures that when you ask the SSH
daemon to list its supported authentication methods it doesn't
mistakenly report password authentication. With the pam edit, you'll
still be prompted for a password, it will just be impossible for it to
succeed.
--
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mythtv.org/pipermail/mythtv-users/attachments/20051231/65e41de8/attachment.pgp
More information about the mythtv-users
mailing list