
Re: pam_tally with sshd: ssh password-based failures not tally'd



George Hansper wrote:

Hi,

I've been looking at pam_tally as a means of discouraging "brute force"
ssh attacks. I have noticed, like Adam Monsen in a previous e-mail:

http://www.redhat.com/archives/pam-list/2004-October/msg00047.html

that once the maximum number of password failures has been exceeded,
SSH/PAM still give a clear indication of when you've cracked the right password.

I don't know if it helps but pam_abl[1] produces the same response for blacklisted hosts/users whether or not they supply the correct credentials. It also disables logins based on the originating host rather than the user so accounts that are under attack typically remain usable by their legitimate owner.


[1] http://www.hexten.net/sw/pam_abl/index.mhtml

--
Andy Armstrong
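
A minimal Python model of the behaviour described in the reply above, added here as an illustration and not code from pam_abl or from the original post: failures are counted per originating host, and a blacklisted host gets the same answer whether or not the password is right. The class name, threshold, window and sample addresses are assumptions made for this sketch.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 3        # assumed threshold for this sketch
WINDOW_SECONDS = 3600   # assumed look-back window for counting failures


class HostBlacklistAuth:
    """Toy authenticator that keys its blacklist on the originating host."""

    def __init__(self, passwords):
        self._passwords = passwords           # user -> password (constructed data)
        self._failures = defaultdict(deque)   # host -> timestamps of failed attempts

    def _blacklisted(self, host, now):
        attempts = self._failures[host]
        # Forget failures that have aged out of the window.
        while attempts and now - attempts[0] > WINDOW_SECONDS:
            attempts.popleft()
        return len(attempts) >= MAX_FAILURES

    def authenticate(self, host, user, password, now=None):
        now = time.time() if now is None else now
        expected = self._passwords.get(user, "")
        # The comparison always runs, so blocked and unblocked paths do the same work.
        matches = hmac.compare_digest(password.encode(), expected.encode())
        ok = matches and user in self._passwords
        blocked = self._blacklisted(host, now)
        if not ok:
            self._failures[host].append(now)
        # A blacklisted host sees "denied" for right and wrong passwords alike.
        return "granted" if ok and not blocked else "denied"


if __name__ == "__main__":
    auth = HostBlacklistAuth({"alice": "correct horse"})   # constructed account
    noisy, usual = "203.0.113.5", "198.51.100.7"           # documentation addresses
    for t in range(3):
        auth.authenticate(noisy, "alice", "guess%d" % t, now=t)
    print(auth.authenticate(noisy, "alice", "correct horse", now=3))   # blocked host
    print(auth.authenticate(usual, "alice", "correct horse", now=5))   # owner's host
```

Because the counter is keyed on the host rather than the account, the account owner connecting from a different address is unaffected by the failures recorded against the noisy host.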

