SSHd

Nicolas Mailhot nicolas.mailhot at laposte.net
Thu Aug 31 21:08:28 UTC 2006


Le mercredi 23 août 2006 à 09:35 -0400, Matthew Miller a écrit :
> On Wed, Aug 23, 2006 at 01:27:48PM +0200, Arjan van de Ven wrote:
> > > account, would best be dealth with with a default configuration that
> > > blocks an IP for some time if enough unsuccessful attempts are made. 
> > installing denyhosts by default sounds reasonable ;)
> 
> I don't think so. Denyhosts works by manipulating /etc/hosts.deny, which is
> a security-sensitive config file which shouldn't be edited willy-nilly by
> scripts.

While denyhosts is a terrific script, I've always found the approach
taken by pam_abl more powerful and correct from a design POW.

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060831/bcc02763/attachment.sig>


More information about the fedora-devel-list mailing list