
Quoting Jason White (jason@jasonjgw.net):

> It doesn't take long to shut down ssh before editing /etc/ssh/sshd_config to set PasswordAuthentication no.

Personally, I wouldn't even do that. (In fact, I don't do it.) The PAM details mentioned upthread prevent non-root users from using trivially guessable 'joe account' passwords. Once those are out of the picture, guessing just isn't a credible threat. Stolen credentials, by contrast, are -- and both passwords and keypairs can be equally easily stolen on a compromised host and then used to impersonate users in connection sessions to elsewhere.

Illustrative example: http://linuxmafia.com/faq/Security/breakin-without-remote-vulnerability.html

Rumours that the unnamed enterprise was VA Linux Systems, Inc. and that it was hax0red because an IT Department member incautiously ssh'ed _inwards_ from shells.sourceforge.net, will not be confirmed. ;->

Also relevant are the lessons of the Debian Project security incident of 2003: http://linuxmafia.com/~rick/constructive-paranoia.html
Personally, I wouldn't even do that. (In fact, I don't do it.) The PAM details mentioned upthread prevent non-root users from using trivially guessable 'joe account' passwords. Once those are out of the picture, guessing just isn't a credible threat. Stolen credentials, by contrast, are -- and both passwords and keypairs can be equally easily stolen on a compromised host and then used to impersonate users in connection sessions to elsewhere. Illustrative example: http://linuxmafia.com/faq/Security/breakin-without-remote-vulnerability.html Rumours that the unnamed enterprise was VA Linux Systems, Inc. and that it was hax0red because an IT Department member incautiously ssh'ed _inwards_ from shells.sourceforge.net, will not be confirmed. ;-> Also relevant is the lessons of the Debian Project security incident of 2003: http://linuxmafia.com/~rick/constructive-paranoia.html