question about ssh

Bruno Wolff III bruno at wolff.to
Thu Dec 30 20:38:08 UTC 2004


On Thu, Dec 30, 2004 at 17:44:07 +0100,
  Dario Lesca <d.lesca at solinos.it> wrote:
> On Thu, 2004-12-30 at 14:30, Steven Stern wrote:
> > On Thu, 30 Dec 2004 21:19:35 +0800, chi <chi at fatball.no-ip.info> wrote:
> 
> > I did three things.
> > ...
> 
> .. and via iptables?
> 
> Is it possible to allow only 2 or 3 accesses every 5/10 minutes with the
> --limit-burst option?
> 
> I do not know how to do this ... Does someone have an example?
> Is this idea a good solution ... or not?

It looks like you might be able to use pam_tally to do what you want, though
you probably want to combine it with pam_rhosts to allow some special hosts
to be able to login to accounts whose fail tallies are over the limit. (The
idea is to require one of pam_tally or pam_rhosts to succeed in addition to
whatever your normal allowed authentication methods are.) Be careful about the
setup if you are allowing root logins via ssh.

If pam_tally doesn't do quite what you want, you might be able to modify it to
do what you want. This approach seems better than rate limiting SYN packets.
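As an added example (not code from the thread), here are the iptables rule pairs the question asks about, written as shell functions that print the commands for "N new SSH connections per M minutes". It assumes iptables with the state, limit and recent matches, and that an ESTABLISHED/RELATED accept rule exists elsewhere in the chain:

```shell
#!/bin/sh
# Added example, not code from the thread. Prints iptables rules that cap
# NEW SSH connections to N per M minutes. Assumes iptables with the state,
# limit and recent matches (stock on a 2.6-era Fedora kernel) and that an
# ESTABLISHED,RELATED accept rule sits earlier in the INPUT chain.

# Variant 1: the limit match the question asks about. It is a token bucket:
# --limit is the refill rate and --limit-burst the bucket size, so
# "3 per 10 minutes" becomes a refill of 18/hour with a burst of 3.
# Caveat: the counter is global, not per source, so one noisy client
# exhausts it for everyone (which is why the reply prefers pam_tally).
ssh_limit_rules() {
    n="$1"; m="$2"; port="${3:-22}"
    per_hour=$(( n * 60 / m ))
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m limit --limit %s/hour --limit-burst %s -j ACCEPT\n' \
        "$port" "$per_hour" "$n"
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j DROP\n' "$port"
}

# Variant 2: the recent match keeps a per-source address table, so the cap
# applies per client: the (N+1)th NEW connection from one address inside
# M minutes is dropped while other addresses are unaffected.
ssh_per_source_rules() {
    n="$1"; m="$2"; port="${3:-22}"
    seconds=$(( m * 60 ))
    hits=$(( n + 1 ))
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --set --name SSH\n' "$port"
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --update --seconds %s --hitcount %s --name SSH -j DROP\n' \
        "$port" "$seconds" "$hits"
}
```

Review the printed rules, then apply them as root with something like `ssh_per_source_rules 3 10 | sh`.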
