Protecting against ssh brute-force attacks

Tomas Mraz tmraz at redhat.com
Wed Nov 2 08:23:27 UTC 2005


On Tue, 2005-11-01 at 20:40 -0500, Warren Togami wrote:
> Nicolas Mailhot wrote:
> > Hi,
> > 
> > I see denyhosts and pam_abl are both in extras. Perhaps there are even
> > other packages devoted to defending against ssh brute-force attacks.
> > 
> > Anyone tried them? Care to recommend one or the other?
> 
> I just tried denyhosts.  It seems to work as advertised, although I 
> wonder why FE5 has the latest 1.1.2 version while FE3 and FE4 contain 
> 1.0.2.  I tested the 1.1.2 SRPM rebuilt on FE3 and it seems to work fine.
> 
> I haven't tried pam_abl, but I am guessing that it reacts faster to an 
> attack than denyhosts.  The packaged denyhosts defaults to 30 seconds 
> between log checks when in daemon mode.  This is good enough, although I 
> wonder if pam_abl is more efficient by not re-reading the logs often. 
> (Just guessing how it works...)
It doesn't read the logs, it uses the information provided from the PAM
calls. So it reacts immediately, although it means that the protected
service must use PAM for authentication+authorization. As SSH does, it is
very well usable for it, and I even think it was primarily designed with
ssh in mind.

-- 
Tomas Mraz <tmraz at redhat.com>
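
Added example, not part of the original message and not denyhosts or pam_abl code: a small Python model of the difference described above, counting how many password attempts reach authentication before a block takes effect when failures are counted in-band (as with PAM calls) versus on a periodic log check. The 30-second interval is from the thread; the threshold of 5 and the sample events are constructed assumptions.

```python
from collections import defaultdict

POLL_INTERVAL = 30  # seconds between log checks (denyhosts package default, per the thread)
THRESHOLD = 5       # assumed: failures from one host before it is blocked


def inline_blocker(events, threshold=THRESHOLD):
    """PAM-style model: failures are counted during authentication itself."""
    failures, blocked, reached = defaultdict(int), set(), defaultdict(int)
    for _ts, host in events:
        if host in blocked:
            continue              # rejected before the password is checked
        reached[host] += 1
        failures[host] += 1
        if failures[host] >= threshold:
            blocked.add(host)
    return dict(reached)


def polling_blocker(events, threshold=THRESHOLD, interval=POLL_INTERVAL):
    """Log-reader model: failures are only counted when the log is re-read."""
    failures, blocked, reached = defaultdict(int), set(), defaultdict(int)
    unread, next_poll = [], interval
    for ts, host in events:
        while ts >= next_poll:    # run every poll that was due before this attempt
            for h in unread:
                failures[h] += 1
                if failures[h] >= threshold:
                    blocked.add(h)
            unread.clear()
            next_poll += interval
        if host in blocked:
            continue
        reached[host] += 1
        unread.append(host)
    return dict(reached)


# Constructed sample: one host failing once per second for 90 s, another failing twice.
SAMPLE = sorted([(t, "192.0.2.10") for t in range(90)]
                + [(12, "198.51.100.7"), (47, "198.51.100.7")])

if __name__ == "__main__":
    print("inline :", inline_blocker(SAMPLE))
    print("polling:", polling_blocker(SAMPLE))
```

In this model the host that stays under the threshold is treated the same either way; only the persistent source gets extra attempts through during the polling gap.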



