Linode Community Forums
 Post subject: Security Questions
PostPosted: Mon Feb 18, 2013 5:07 pm 
Senior Newbie

Joined: Mon Feb 18, 2013 4:37 pm
Posts: 5
I am trying to learn more about how best to secure my Linode, and I have a couple of questions for which I was hoping someone here might be able to offer some tips.


In my /etc/ssh/sshd_config file (which I will post here if it may help):

I've changed my SSH port from the default of 22 to another higher one and believe I have also correctly disabled root access, turned off password authentication, disabled PAM and enabled RSAAuthentication yes, PubkeyAuthentication yes; however, I do still have the uncommented line of
#AuthorizedKeysFile %h/.ssh/authorized_keys

So I also believe I am correctly using my keys which I installed not as root, but in my user account, placing my public key in my user account folder
/home/useraccount/.ssh/authorized_keys

I believe the keys are set up properly, in that when I attempt to log in using Putty without Pageant, it first prompts me for a user name but then I get an error
Disconnected: No supported authentication methods available (server sent :publickey)

So I assume this means it is asking for my private key, because when I do then enable Pageant and use my key, I then am able to login just fine and putty says it recognizes my key.


However, my issue is that in reviewing my Logwatch:


under the pam_unix sshd:

I still see Authentication Failures usually for root:

SSHD Failed logins from:

and Illegal users from:



Does this therefore mean that in fact perhaps I actually DO NOT have password authentication turned off correctly and entirely or properly disabled root access?

Or that my keys are not fully implemented properly despite being apparently recognized?






Also then my second question from Logwatch,


I have begun to see occasional failed-login, dictionary-type mail attack attempts under POP-3
**Unmatched Entries** LOGIN FAILED



I only am using mail on my Linode to send me my Logwatch report.

Could I possibly somehow purge entirely perhaps any unneeded potential mail vulnerabilities and still be able to receive my Logwatch report?





Thank you very much, if anyone could please offer any tips I really appreciate it.


 Post subject: Re: Security Questions
PostPosted: Mon Feb 18, 2013 6:28 pm 
Senior Member

Joined: Wed Mar 17, 2004 4:11 pm
Posts: 554
Website: http://www.unixtastic.com
Location: Europe
It sounds like you have SSH set up about right.

RSAAuthentication only affects SSH protocol 1. This is off by default these days. Unless you have a Protocol line in sshd_config enabling protocol 1, RSAAuthentication won't do anything.

'PubkeyAuthentication yes' is the right option to turn on public key authentication for protocol 2, the current version.

It sounds like putty isn't trying keypair authentication.

Did you generate the keypair with puttygen? Is it an SSH-2 keypair?

Did you tell putty to use the private key that corresponds to the public key you copied to the server and did you save the putty profile afterwards? It's easy to hit load instead of save and lose putty settings or close putty instead of saving and lose the settings.


 Post subject: Re: Security Questions
PostPosted: Mon Feb 18, 2013 6:42 pm 
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
Set PermitRootLogin no in your sshd_config, and all attempts to log in as root via ssh will fail (won't stop zombies from trying, however). In addition to PasswordAuthentication no, you may also need to set ChallengeResponseAuthentication no to disable password logins.


 Post subject: Re: Security Questions
PostPosted: Mon Feb 18, 2013 7:04 pm 
Senior Newbie

Joined: Mon Feb 18, 2013 4:37 pm
Posts: 5
Hi, thanks for the tips.

Yes, I do have Protocol 2 uncommented and enabled.

PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
UsePAM no
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no


however I do still have the commented lines of -

#IgnoreUserKnownHosts yes
#AuthorizedKeysFile %h/.ssh/authorized_keys


as well as these lines -

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

Perhaps these lines additionally need to be uncommented and specify my user account folder?
/home/useraccount/.ssh/authorized_keys


I did use PuttyGen, I believe correctly, after having some initial issues with the keys being recognized. They are SSH-2, and yes, I also can verify I am correctly hitting load to load my Putty profile with a check mark next to Attempt authentication using Pageant.


As I said, I believe my keys are working properly, in that without enabling Pageant in Putty I get the error:
Disconnected: No supported authentication methods available (server sent :publickey)

and cannot log in. However, when I do then enable Pageant in Putty with my private key loaded ready to go, I can in fact successfully log in, and Putty then upon successful login says recognized key etc.
I also furthermore have noticed a record that the key has been accepted for my user account listed in my log.

So I was just altogether wondering essentially if it is normal to still see failed logins and authentication errors in Logwatch?
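
To check the settings quoted in this thread independently of what Logwatch reports, the following added example (not posted by any participant and not part of OpenSSH) reads an sshd_config the way sshd treats its global section: comments are ignored and the first occurrence of a keyword wins. The sample config is constructed from the lines in the post, and the defaults are the upstream OpenSSH defaults of that period, an assumption that distribution builds may change.

```python
import re

# Upstream OpenSSH defaults of the thread's era (assumption; distro builds may differ).
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "yes",
    "pubkeyauthentication": "yes",
    # Relative paths are resolved under the connecting user's home directory.
    "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2",
}

# Constructed sample built from the settings quoted in the thread.
SAMPLE = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
UsePAM no
#AuthorizedKeysFile %h/.ssh/authorized_keys
"""

def effective(text):
    """Global settings as sshd reads them: comments skipped, first value wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key = m.group(1).lower()          # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are not evaluated here
        seen.setdefault(key, m.group(2).strip())
    return {**DEFAULTS, **seen}

def audit(text):
    """Report the settings discussed in the thread for one config text."""
    cfg = effective(text)
    watched = ("PasswordAuthentication", "ChallengeResponseAuthentication")
    return {
        "password_paths": [k for k in watched if cfg[k.lower()].lower() == "yes"],
        "root_login": cfg["permitrootlogin"],
        "pubkey": cfg["pubkeyauthentication"],
        "authorized_keys": cfg["authorizedkeysfile"],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live server, `sshd -T` run as root prints the configuration the daemon actually uses, including the Match blocks this example stops at.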


 Post subject: Re: Security Questions
PostPosted: Wed Feb 20, 2013 6:26 pm 
Senior Member

Joined: Wed Mar 17, 2004 4:11 pm
Posts: 554
Website: http://www.unixtastic.com
Location: Europe
If Pageant works, it's proof that the problem isn't on the Linode end. Putty is doing it wrong somehow; check all the settings.

Failed logins from random internet addresses are normal. It's just scripted attack rubbish. If you don't use password authentication you won't have a problem.


 Post subject: Re: Security Questions
PostPosted: Wed Feb 20, 2013 11:48 pm 
Senior Newbie

Joined: Mon Feb 18, 2013 4:37 pm
Posts: 5
Thanks very much for the tips, I checked in my putty session configuration and everything seems right.

I just was trying to essentially verify that even despite if as I believe I do correctly have password authentication disabled, whether it was therefore normal to still see Failed logins and authentication errors in Logwatch?

Or perhaps if rather that this would be an absolute indication that in fact it was somehow not fully disabled.


But if I understand it correctly then, even if it is hopefully disabled correctly, one typically will still see these.

Because again, in testing it without pageant I just get an initial prompt for user name, but then immediately followed by the popup window error preventing me from going any further - Disconnected: No supported authentication methods available (server sent :publickey)

It's only upon enabling my private key in pageant that I am then allowed to successfully login and it says "key accepted" etc.

