|
|
|
|
|
|
by bogantech
1336 days ago
|
|
|
Yep and Password auth can also be augmented with some additional PAM modules (like pam_oath and/or pam_yubico) as long as you don't configure them in a way that allows user enumeration. Really the only thing you get by changing the port is less log spam.
If your system is so poorly configured that an automated drive-by attack by a bot would be successful then you're gonna get owned anyway if someone decides to target you. |
|
|
I think reducing log spam is actually a great security outcome, if the only thing normally present in the log are my real logins, an attacker's attempt world stick out like a sore thumb.