[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Question on keyboard interactive versus password au

From: Scott Ruckh
Subject: Re: [Jailkit-users] Question on keyboard interactive versus password authentication
Date: Fri, 2 Jun 2006 12:57:33 -0700 (MST)
User-agent: SquirrelMail/1.4.6-5.el4.centos4

This is what you said Al Sheldon
> My default setup of Jailkit on a Suse Linux 9.3 has
> PasswordAuthentication set to no.  I have a vendor who has struggled
> with connecting to our SFTP site until they realized that password
> authentication was set to no and that they needed to utilize
> keyboard-interactive.  They have requested I set PasswordAuthentication
> to yes.  I have researched this and the only negative I see is that it
> may allow the user to change their password if I turn on
> PasswordAuthentication as a method to connect.   This is sufficient for
> me to leave it off, however I would like to know if there are any other
> consequences to turning it on (to have more reasons to leave it off) and
> is this the only way to make password authentication function?
Not using key exchange authentication can leave you open to brute-force

reply via email to

[Prev in Thread] Current Thread [Next in Thread]