SSH
Some reminders what can be done with ssh
Use password also we have a key login
Notes for sshd:
Keybased login counts as one Authtry. Even when no key is used. That means when using MaxAuthTries 1 in sshd_config one needs to use -o 'pub...' with ssh client to even get to the password prompt. Or use PreferredAuthentication Password option for the client. This way it starts right away with password prompt. (No need for the pubkey.. no option).
Digging some more I found that most ssh clients first try a login without any method. This is seen in the logs as
I did not found away to stop this. But as it is used to have the client know what AuthenticationMethod the server allows I guess it can not be stopped.
Use password also we have a key login
Code:
ssh -o 'PubkeyAuthentication no' user@host
Keybased login counts as one Authtry. Even when no key is used. That means when using MaxAuthTries 1 in sshd_config one needs to use -o 'pub...' with ssh client to even get to the password prompt. Or use PreferredAuthentication Password option for the client. This way it starts right away with password prompt. (No need for the pubkey.. no option).
Digging some more I found that most ssh clients first try a login without any method. This is seen in the logs as
Code:
sshd[]: Failed none for user from i.p.a.d port_number
Total Comments 0