On Wednesday, July 22, 2015 4:32 PM, Ron Frederick wrote: > You need to disable “ChallengeResponse” (aka keyboard-interactive) authentication, not password authentication, to protect against this attack. Thank you, Ron.