Re: pam_tally with sshd: ssh password-based failures not tally'd

George Hansper wrote:

Hi,

I've been looking at pam_tally as a means of discouraging "brute force"
ssh attacks. I have noticed, like Adam Monsen in a previous e-mail:

   http://www.redhat.com/archives/pam-list/2004-October/msg00047.html

that once the maximum password failures has been exceeded,
SSH/PAM still give a clear indication of when you've cracked the right password.

I don't know if it helps but pam_abl[1] produces the same response for blacklisted hosts/users whether or not they supply the correct credentials. It also disables logins based on the originating host rather than the user so accounts that are under attack typically remain usable by their legitimate owner.


[1] http://www.hexten.net/sw/pam_abl/index.mhtml

--
Andy Armstrong

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
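
An added illustration of the two behaviours discussed in this thread; it is not code from pam_tally, pam_abl or either poster. It is a simplified Python model in which the threshold, credential store, addresses and response strings are all constructed assumptions: a per-user tally that answers differently once the right password is supplied, next to a per-host blacklist that answers the same way regardless.

```python
from collections import Counter

MAX_FAILURES = 3                         # constructed threshold
PASSWORDS = {"alice": "correct-horse"}   # constructed credential store


def check(user, password):
    return PASSWORDS.get(user) == password


class UserTally:
    """Per-user counter. Lockout is evaluated only after the password check,
    so a locked account answers differently for right and wrong guesses."""

    def __init__(self):
        self.failures = Counter()

    def login(self, host, user, password):
        if not check(user, password):
            self.failures[user] += 1
            return "denied"
        if self.failures[user] >= MAX_FAILURES:
            return "locked"   # distinct response: confirms the guess was right
        self.failures[user] = 0
        return "ok"


class HostBlacklist:
    """Per-host counter. A blacklisted host always gets the same response."""

    def __init__(self):
        self.failures = Counter()

    def login(self, host, user, password):
        if self.failures[host] >= MAX_FAILURES:
            return "denied"   # identical whether or not the password is right
        if not check(user, password):
            self.failures[host] += 1
            return "denied"
        return "ok"


def replay(policy, events):
    return [policy.login(*event) for event in events]


# Constructed sequence: one host guesses, then the owner logs in from elsewhere.
EVENTS = [("198.51.100.7", "alice", g) for g in ("a", "b", "c", "correct-horse")]
EVENTS.append(("192.0.2.10", "alice", "correct-horse"))

if __name__ == "__main__":
    for policy in (UserTally(), HostBlacklist()):
        print(type(policy).__name__, replay(policy, EVENTS))
```

In the per-user model the fourth response changes from "denied" to "locked" and the owner is shut out too; in the per-host model the guessing host sees "denied" throughout while the owner's login from another address succeeds.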
