Protecting against ssh brute-force attacks
Nicolas Mailhot
nicolas.mailhot at laposte.net
Wed Nov 2 10:38:05 UTC 2005
On Mer 2 novembre 2005 09:23, Tomas Mraz wrote:
> On Tue, 2005-11-01 at 20:40 -0500, Warren Togami wrote:
>> I haven't tried pam_abl, but I am guessing that it reacts faster to an
>> attack than denyhosts. The packaged denyhosts defaults to 30 seconds
>> between log checks when in daemon mode. This is good enough, although I
>> wonder if pam_abl is more efficient by not re-reading the logs often.
>> (Just guessing how it works...)
> It doesn't read the logs, it uses the information provided from the PAM
> calls. So it reacts immediately although it means that the protected
> service must use PAM for authentication+authorization. As SSH does it is
> very well usable for it and I even think it was primarily designed with
> ssh in mind.
Ok one voice for denyhosts, another for pam_abl.
Anyone tried both ? Is pam_abl easy to setup ? Will pam_abl react only to
ssh or also lockup local connexions if someone mistypes his password too
often ?
Regards,
--
Nicolas Mailhot
More information about the fedora-extras-list
mailing list