Keyboard Interactive Attack?
Scott Neugroschl
scott_n at xypro.com
Thu Jul 23 09:27:34 AEST 2015
On 22/07/15 13:56, Ángel González wrote:
>On 22/07/15 21:41, Scott Neugroschl wrote:
>> I read an article today about keyboard interactive auth allowing bruteforcing.
>>
>> I'm afraid I have minimal understanding of what keyboard-interactive really does. What does it do, and should I have my clients set it to off in sshd_config?
>keyboard-interactive would ask the user for a password. You could be doing something a bit different through PAM, but given your query, you probably aren't, and >both password and keyboard-interactive are basically equivalent on your system.
What is the difference between password and keyboard-interactive?
More information about the openssh-unix-dev
mailing list