26 Dec
2015
26 Dec
'15
4:21 p.m.
On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley@hopcount.ca> wrote:
With respect to ssh scans in particular -- disable all forms of password authentication and insist upon public key authentication instead. If the password scan log lines still upset you, stop logging them.
Or if you can’t get users to use keys (aside from remove the users) consider things like: example /etc/ssh/sshd_config Match User root PasswordAuthentication no for users that should not be permitted to fall-back to password authentication. - Jared