Public bug reported:
I don't install sshd on my system because I'm afraid of people brute-force
cracking my password, like in bug #58074.

My password is weak, because it's the password I use to log in on my computer
and I must remember it. I didn't find a way to set another password for ssh
than my password on the computer.

I think that ssh should have an option, enabled by default, to blacklist
hosts if they enter the wrong password more than 3 times in a row. It
should be easy to re-enable their connection by modifying e.g.
/etc/sshd/blacklisted-hosts.txt

And when a host is blacklisted, it should be logged so that the user can
diagnose how come the remote SSH is no longer working. Blacklist entries
could expire after 3 months for instance (to avoid ever-growing
blacklist files).

I think I read somewhere that it works like that on Mac. Certainly I
don't see a big flaw in this approach and it would be much more secure
than the current approach.

** Affects: openssh (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
blacklist hosts after 3 wrong password
https://launchpad.net/bugs/77943
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
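
The policy requested in this report, replayed over a log as an added example (not code from the report or from OpenSSH): a host is blocked after more than 3 failed passwords in a row, each block is recorded, and entries expire after 90 days. The log lines are constructed, the ISO timestamps and the in-memory blacklist are assumptions, and the reporter's blacklist file is not modelled.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 3             # report: block after more than 3 wrong passwords in a row
EXPIRY = timedelta(days=90)  # report: entries "could expire after 3 months"

# Constructed sample: ISO timestamp plus sshd's usual password-auth messages.
SAMPLE_LOG = """\
2007-01-04T10:00:01 sshd[811]: Failed password for alice from 192.0.2.10 port 4001 ssh2
2007-01-04T10:00:09 sshd[811]: Failed password for alice from 192.0.2.10 port 4001 ssh2
2007-01-04T10:00:20 sshd[811]: Accepted password for alice from 192.0.2.10 port 4001 ssh2
2007-01-04T11:00:00 sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 5101 ssh2
2007-01-04T11:00:02 sshd[903]: Failed password for root from 203.0.113.5 port 5102 ssh2
2007-01-04T11:00:04 sshd[904]: Failed password for root from 203.0.113.5 port 5103 ssh2
2007-01-04T11:00:06 sshd[905]: Failed password for root from 203.0.113.5 port 5104 ssh2
2007-01-05T09:00:00 sshd[990]: Failed password for alice from 192.0.2.10 port 4100 ssh2
2007-05-01T08:00:00 sshd[120]: Failed password for root from 203.0.113.5 port 6000 ssh2
"""

# The user name is chosen by the client, so match it greedily and anchor the
# host on the end of the line rather than on the first " from ".
LINE_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                     r"for .* from (?P<host>\S+) port \d+ ssh2$")

def scan(log_text):
    """Return ({host: time_blacklisted}, [audit lines]) after replaying the log."""
    streak, blacklist, audit = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host = datetime.fromisoformat(m["ts"]), m["host"]
        if host in blacklist:
            if ts - blacklist[host] < EXPIRY:
                continue                      # still blocked: attempt is ignored
            del blacklist[host]               # entry aged out
            audit.append(f"{ts.isoformat()} expired {host}")
        if m["result"] == "Accepted":
            streak[host] = 0                  # a good login ends the run of failures
            continue
        streak[host] = streak.get(host, 0) + 1
        if streak[host] > MAX_FAILURES:
            blacklist[host] = ts
            streak[host] = 0
            audit.append(f"{ts.isoformat()} blacklisted {host} after {MAX_FAILURES + 1} failures")
    return blacklist, audit

if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG)[1]:
        print(entry)
```

The audit list plays the role of the log the report asks for, so an administrator can see why a host stopped being able to connect and when its entry lapsed.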