My major concern is that if you enabled password authentication you'd leave your system vulnerable to brute force password attacked as in TELNET.
Beside, if one could use password authentication, why would one bother to take all the trouble setting up RSA connection? :) I did ask question here, whether I could let one group of user use password authentication(for casual users with limited access) and the other group of users use RSA(for admin. users who have higher privileges). Seem like it's not possible, according to expert opinions here, for current ssh release. I might be wrong, please advise if it's possible. I wish to know! :) Thanks! Alan. > > > Alan KF LAU wrote: > > > Disable Rhost and password authentication, only enable RSA > > authentication. > > Disableing rhosts yes, because that can cause a whole bunch of trouble. > However I > have a tendancy to leave passwords enabled as I need to access my machines > from a > lot of different places and I don't always carry my RSA key with me. On top > of that > there are some users I have who need access that would be unable (due to > general > incompitence) to set up RSA keys and the like from their boxen. > > > > Login with a ssh client with RSA support, like mindterm. > > SecureCRT is a good client although it is commercial. > > > > > Nikolai Lusan > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
