On Thu, 2005-01-06 at 16:25 +1100, George Hansper wrote:
> Hi,
>
> I've been looking at pam_tally as a means of discouraging "brute force"
> ssh attacks. I have noticed, like Adam Monsen in a previous e-mail:
>
> http://www.redhat.com/archives/pam-list/2004-October/msg00047.html
>
> that once the maximum password failures has been exceeded,
> SSH/PAM still give a clear indication of when you've cracked the right password.
>
> If you give a bad password, you get a 2-second delay and a new prompt:
>
> dummy@localhost's password:
> Permission denied, please try again.
> dummy@localhost's password:
>
> If you get it right, you get the message:
>
> dummy@localhost's password:
> Read from remote host localhost: Connection reset by peer
> Connection to localhost closed.
...
> Is there some configuration change I can make to pam/ssh which will
> fail a "locked" account in a consistent manner, regardless of whether
> or not the password is right?
>
> Or is this already the subject of a bug-report/enhancement-request?

Yes, this is a long known bug. I'm just working on improving the module
so it will not have this problem.

-- 
Tomas Mraz <tmraz@xxxxxxxxxx>
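
Added example (not part of the original thread and not pam_tally code): a simplified Python model of the behaviour reported above, contrasting a login flow that consults the lock only after the password has been verified with one that fails a locked account the same way for any input. The two-step flow, the function names, the threshold and the sample password are assumptions made for illustration.

```python
# Simplified model of a lockout check; an illustration, not pam_tally source.
import hmac

MAX_FAILURES = 3  # constructed lockout threshold, not a value from the thread

class Account:
    def __init__(self, password, failures=0):
        self.password = password
        self.failures = failures

    @property
    def locked(self):
        return self.failures >= MAX_FAILURES

def _password_ok(acct, attempt):
    return hmac.compare_digest(acct.password.encode(), attempt.encode())

def login_lock_checked_after_auth(acct, attempt):
    """Hypothetical leaky ordering: the lock is consulted only once the password is right."""
    if not _password_ok(acct, attempt):
        acct.failures += 1
        return "Permission denied, please try again."
    if acct.locked:
        # Reachable only with the correct password, so this reply confirms it.
        return "Connection to localhost closed."
    acct.failures = 0
    return "Login OK"

def login_lock_checked_first(acct, attempt):
    """Hypothetical consistent ordering: a locked account fails identically for any input."""
    ok = _password_ok(acct, attempt)  # still evaluated; the result is ignored when locked
    if acct.locked or not ok:
        acct.failures += 1
        return "Permission denied, please try again."
    acct.failures = 0
    return "Login OK"

def distinguishable_when_locked(login):
    """True if a locked account answers differently to the right and a wrong password."""
    right = login(Account("s3cret", failures=MAX_FAILURES), "s3cret")
    wrong = login(Account("s3cret", failures=MAX_FAILURES), "guess")
    return right != wrong

if __name__ == "__main__":
    for fn in (login_lock_checked_after_auth, login_lock_checked_first):
        print(fn.__name__, "distinguishable:", distinguishable_when_locked(fn))
```

The same comparison works as a regression check against a real login stack: a locked account should give identical responses whether or not the password is correct.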