Daniel Bye wrote:
On Fri, 8 October, 2004 8:44 am, spam maps said:

Vulpes Velox wrote:

On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) Luke <[EMAIL PROTECTED]> wrote:


There are several script kiddies out there hitting my SSH server
every day.  Sometimes they attempt to brute-force their way in

man login.conf for more info :)

I'm just guessing, but are you trying to tell me that "login-retries" in login.conf is useful?

I have tried that by setting it to 2, but it seems to have no effect on
the sshd login behaviour. I always can try the password 6 times:

$ ssh [EMAIL PROTECTED]
Password:
Password:
Password:
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
Permission denied (publickey,password,keyboard-interactive).
$

So could you be a little more specific as to where login.conf is of help
here?


This is still only one *connection* - sshd will offer you (or anyone else
who can connect) a certain number of chances to prove your identity. Login.conf can't help with this. You can configure sshd to stop offering
the keyboard-interactive auth method - set


ChallengeResponseAuthentication no

in /etc/ssh/sshd_config and HUP the daemon.  You will no longer see the
first three Password: prompts.

Login.conf can help you to limit the number of successive login attempts. Make sure you run "cap_mkdb /etc/login.conf" whenever you edit the file,
or you will not enable your changes.


Dan



In addition, if you use ipfw, do something like this:

# Allow in SFTP, SSH, and SCP from public Internet
${fwcmd} add 090 pass log tcp from xxx.xxx.xxx.xxx/xx to ${ip} 22 setup limit src-addr 4


This simply allows ssh access to a certain subnet etc. In addition, the limit src-addr 4 allows only 4 connects etc.


-- Best regards, Chris

The most important item in an order will no longer
be available.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
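The thread distinguishes password tries within one connection (which sshd governs) from the number of connections per source (which the ipfw rule governs). The following is an added example, not part of any poster's message, that separates the two when reviewing sshd log lines. The log lines, addresses, host name and user names are constructed, and the threshold of 4 counts connections seen in the log rather than the simultaneous connections that ipfw's `limit` counts.

```python
import re
from collections import defaultdict

# OpenSSH wording: "Failed <method> for [invalid user ]<user> from <ip> port <port>"
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def _line(pid, method, user, ip, port):
    """Build one constructed log line (placeholder host name and timestamp)."""
    return (f"Oct  8 08:44:00 host sshd[{pid}]: Failed {method} for {user} "
            f"from {ip} port {port} ssh2")

# Constructed sample input, using documentation address ranges.
SAMPLE_LOG = "\n".join(
    # One connection, six tries: three keyboard-interactive, then three password.
    [_line(4101, "keyboard-interactive/pam", "user1", "198.51.100.20", 40112)] * 3
    + [_line(4101, "password", "user1", "198.51.100.20", 40112)] * 3
    # Five separate connections from one source, two tries each.
    + [_line(4200 + i, "password", "invalid user admin", "203.0.113.7", 50000 + i)
       for i in range(5) for _ in range(2)]
)

def summarize(log_text):
    """Return {ip: {(pid, port): failed_attempts}}; (pid, port) is one connection."""
    per_source = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_source[m["ip"]][(m["pid"], m["port"])] += 1
    return {ip: dict(conns) for ip, conns in per_source.items()}

def flag_sources(log_text, max_connections=4, max_failures=10):
    """Return (ip, connections, failures) for sources above either threshold."""
    flagged = []
    for ip, conns in sorted(summarize(log_text).items()):
        total = sum(conns.values())
        if len(conns) > max_connections or total > max_failures:
            flagged.append((ip, len(conns), total))
    return flagged

if __name__ == "__main__":
    for ip, conns, fails in flag_sources(SAMPLE_LOG):
        print(f"{ip}: {conns} connections, {fails} failed attempts")
```

With the defaults, the single six-try connection is not flagged while the source that opened five connections is.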