--
Brett I. Holcomb [EMAIL PROTECTED] Registered Linux User #188143 Remove R777 to email
---------- Forwarded message ---------- Date: Sat, 9 Apr 2005 09:55:30 -0500 From: James R. Campbell <[EMAIL PROTECTED]> Reply-To: [email protected] To: [email protected] Subject: Re: [gentoo-user] ssh - temporary lock if too many login attempts?
If you use PAM, have a read on: 'man pam_fail_delay'. Also, if you are doing this because someone is banging on your sshd from say the Internet, then you should also look at the following sshd_config options: PermitRootLogin AllowUsers
Ideally, you'd want to setup RSA key based authorization, and disable regular logins completely. This is not always acceptable for people, but generally seems to be the most 'secure' way of setting up remote ssh access.
'man sshd_config' provides all of the juicy details here...
hth, --James
On Saturday 09 April 2005 08:23, James R. Campbell wrote:
SSH2 supports the 'PasswordGuesses' option to the sshd_config file, but OpenSSH relies on your authorization mechanism to take care of this type of thing, IIRC.
'FAIL_DELAY' and 'LOGIN_RETRIES' paramaters in your /etc/login.defs are probably what you are after if you have them in use. 'man 5 login.defs' should give you what you need.
--James
On Friday 08 April 2005 17:29, A. Khattri wrote:Was wondering if there's a way to put a temporary lock on account if there are too many login failures? By temporary I mean locked for a certain period of time. (This is for ssh BTW).
-- -- -- --This Message Powered by Linux-- --Registered Linux User 227032-- James R. Campbell, Owner Reliant Data Systems 875 Pebble Lane Florissant, MO 63033 (314) 616-1651 (Phone) http://www.reliant-data.com -- [email protected] mailing list
