pam_tally with sshd: ssh password-based failures not tally'd
George Hansper
george-lists at anstat.com.au
Mon Jan 10 22:36:52 UTC 2005
Andy Armstrong wrote:
> George Hansper wrote:
>
>> I hate to contradict you, but this is what I get (Fedora Core 3 for
>> this test):
>
> [snip]
>
> I /think/ that's just regular host locking, no?
>
It may have been host locking. I'm trying to provoke user-locking,
and I'm not having much success.
My pam_abl.conf has a user setting of 3 failures in 10 minutes
to cause locking. Host locking is after 10/hour.
After 3 failures, I can still log into the same account, george at localhost.
The tracing below is after 4 failed logins.
# pam_abl /etc/security/pam_abl.conf -v
Reading config from /etc/security/pam_abl.conf
Failed users:
george (4)
Tue Jan 11 09:24:09 2005
Tue Jan 11 09:23:43 2005
Tue Jan 11 09:23:33 2005
Tue Jan 11 09:23:21 2005
Failed hosts:
localhost.localdomain (4)
Tue Jan 11 09:24:09 2005
Tue Jan 11 09:23:43 2005
Tue Jan 11 09:23:33 2005
Tue Jan 11 09:23:21 2005
# date
Tue Jan 11 09:25:35 EST 2005
# ssh george at localhost
george at localhost's password:
Last login: Tue Jan 11 09:24:39 2005 from localhost.localdomain
$ cat /etc/security/pam_abl.conf
# /etc/security/pam_abl.conf
# debug
host_db=/var/lib/abl/hosts.db
host_purge=1d
host_rule=*:10/1h,30/1d
user_db=/var/lib/abl/users.db
user_purge=1d
user_rule=*:3/10m
Regards,
George Hansper
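
An added example, not part of the original message and not pam_abl's own code: it evaluates the user_rule and host_rule values from the config above against the four failure timestamps in the trace, at the time shown by date. It assumes a trigger n/period is met by n or more failures within the period, and it only handles the trigger list, not the user/host spec before the colon; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Split 'spec:n/period,n/period' into (spec, [(count, window), ...])."""
    spec, _, triggers = rule.partition(":")
    parsed = []
    for trig in triggers.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)([smhd])", trig.strip())
        if not m:
            raise ValueError(f"unrecognised trigger: {trig!r}")
        seconds = int(m.group(2)) * UNITS[m.group(3)]
        parsed.append((int(m.group(1)), timedelta(seconds=seconds)))
    return spec, parsed

def matching_triggers(rule, failures, now):
    """Return the triggers of `rule` whose threshold is met at time `now`."""
    _, triggers = parse_rule(rule)
    hits = []
    for count, window in triggers:
        recent = [t for t in failures if timedelta(0) <= now - t <= window]
        # Assumed semantics: "count or more failures within the window".
        if len(recent) >= count:
            hits.append((count, window))
    return hits

def ts(text):
    """Parse a timestamp in the format printed by pam_abl -v in the trace."""
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")

# Failure times copied from the trace in the message; NOW is the date output.
FAILURES = [ts(s) for s in (
    "Tue Jan 11 09:24:09 2005",
    "Tue Jan 11 09:23:43 2005",
    "Tue Jan 11 09:23:33 2005",
    "Tue Jan 11 09:23:21 2005",
)]
NOW = ts("Tue Jan 11 09:25:35 2005")

USER_HITS = matching_triggers("*:3/10m", FAILURES, NOW)
HOST_HITS = matching_triggers("*:10/1h,30/1d", FAILURES, NOW)

if __name__ == "__main__":
    print("user_rule triggers met:", USER_HITS)
    print("host_rule triggers met:", HOST_HITS)
```

Under that assumption the 3/10m user trigger is met at the time of the login attempt, while neither host trigger is.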