
Re: pam_tally with sshd: ssh password-based failures not tally'd





Andy Armstrong wrote:
George Hansper wrote:

I hate to contradict you, but this is what I get (Fedora Core 3 for this test):

[snip]


I /think/ that's just regular host locking, no?


It may have been host locking. I'm trying to provoke user-locking, and I'm not having much success.

My pam_abl.conf has a user setting of 3 failures in 10 minutes
to cause locking. Host locking is after 10/hour.

After 3 failures, I can still log into the same account, george@localhost.
The tracing below is after 4 failed logins.

# pam_abl /etc/security/pam_abl.conf -v
	Reading config from /etc/security/pam_abl.conf
	Failed users:
	    george (4)
        	Tue Jan 11 09:24:09 2005
        	Tue Jan 11 09:23:43 2005
        	Tue Jan 11 09:23:33 2005
        	Tue Jan 11 09:23:21 2005
	Failed hosts:
	    localhost.localdomain (4)
        	Tue Jan 11 09:24:09 2005
        	Tue Jan 11 09:23:43 2005
        	Tue Jan 11 09:23:33 2005
        	Tue Jan 11 09:23:21 2005
		
# date
	Tue Jan 11 09:25:35 EST 2005
	
# ssh george@localhost
	george@localhost's password:
	Last login: Tue Jan 11 09:24:39 2005 from localhost.localdomain
	
$ cat /etc/security/pam_abl.conf
	# /etc/security/pam_abl.conf
	# debug
	host_db=/var/lib/abl/hosts.db
	host_purge=1d
	host_rule=*:10/1h,30/1d
	user_db=/var/lib/abl/users.db
	user_purge=1d
	user_rule=*:3/10m

Regards,
	George Hansper
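
The rule check implied by the configuration and trace above, as an added example that is not part of the original message and not pam_abl's own code. It assumes a clause `N/period` is reached when at least N recorded failures fall within the period before the check, and it ignores the user/host spec before the colon (the posted config uses only `*`).

```python
import re
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
STAMP = "%a %b %d %H:%M:%S %Y"  # timestamp format printed by `pam_abl -v` above

def parse_rule(rule):
    """Split 'spec:count/period,...' into (spec, [(count, timedelta), ...])."""
    spec, _, clauses = rule.partition(":")
    parsed = []
    for clause in clauses.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)([smhd])", clause.strip())
        if not m:
            raise ValueError(f"bad clause: {clause!r}")
        parsed.append((int(m[1]), timedelta(seconds=int(m[2]) * UNITS[m[3]])))
    return spec, parsed

def matching_clauses(rule, failures, now):
    """Return the (count, period) clauses whose threshold is reached at `now`.

    Assumption: a clause is reached when >= count failures lie within `period`.
    The spec before ':' is not evaluated; only '*' appears in the posted config.
    """
    _, clauses = parse_rule(rule)
    hits = []
    for count, period in clauses:
        recent = [t for t in failures if timedelta(0) <= now - t <= period]
        if len(recent) >= count:
            hits.append((count, period))
    return hits

# Values copied from the message: the four recorded failures and the `date` output.
FAILURES = [datetime.strptime(s, STAMP) for s in (
    "Tue Jan 11 09:24:09 2005", "Tue Jan 11 09:23:43 2005",
    "Tue Jan 11 09:23:33 2005", "Tue Jan 11 09:23:21 2005")]
NOW = datetime.strptime("Tue Jan 11 09:25:35 2005", STAMP)

if __name__ == "__main__":
    for name, rule in (("user", "*:3/10m"), ("host", "*:10/1h,30/1d")):
        hits = matching_clauses(rule, FAILURES, NOW)
        state = "threshold reached" if hits else "below threshold"
        print(f"{name}_rule={rule}: {state}")
```

Under that assumption the user rule's threshold is reached at the time of the `date` output while the host rule's is not, so the recorded data and the configuration do not by themselves account for the successful login.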

