[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Question on keyboard interactive versus password au
|
From: |
Scott Ruckh |
|
Subject: |
Re: [Jailkit-users] Question on keyboard interactive versus password authentication |
|
Date: |
Fri, 2 Jun 2006 12:57:33 -0700 (MST) |
|
User-agent: |
SquirrelMail/1.4.6-5.el4.centos4 |
This is what you said Al Sheldon
> My default setup of Jailkit on a Suse Linux 9.3 has
> PasswordAuthentication set to no. I have a vendor who has struggled
> with connecting to our SFTP site until they realized that password
> authentication was set to no and that they needed to utilize
> keyboard-interactive. They have requested I set PasswordAuthentication
> to yes. I have researched this and the only negative I see is that it
> may allow the user to change their password if I turn on
> PasswordAuthentication as a method to connect. This is sufficient for
> me to leave it off, however I would like to know if there are any other
> consequences to turning it on (to have more reasons to leave it off) and
> is this the only way to make password authentication function?
>
>
Not using key exchange authentication can leave you open to brute-force
attacks.