[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Protecting against ssh brute-force attacks

From: "Nicolas Mailhot" <nicolas mailhot laposte net>
To: "Discussion related to Fedora Extras" <fedora-extras-list redhat com>
Cc: "Discussion related to Fedora Extras" <fedora-extras-list redhat com>
Subject: Re: Protecting against ssh brute-force attacks
Date: Wed, 2 Nov 2005 11:38:05 +0100 (CET)

On Mer 2 novembre 2005 09:23, Tomas Mraz wrote:
> On Tue, 2005-11-01 at 20:40 -0500, Warren Togami wrote:

>> I haven't tried pam_abl, but I am guessing that it reacts faster to an
>> attack than denyhosts.  The packaged denyhosts defaults to 30 seconds
>> between log checks when in daemon mode.  This is good enough, although I
>> wonder if pam_abl is more efficient by not re-reading the logs often.
>> (Just guessing how it works...)
> It doesn't read the logs, it uses the information provided from the PAM
> calls. So it reacts immediately although it means that the protected
> service must use PAM for authentication+authorization. As SSH does it is
> very well usable for it and I even think it was primarily designed with
> ssh in mind.

Ok one voice for denyhosts, another for pam_abl.
Anyone tried both ? Is pam_abl easy to setup ? Will pam_abl react only to
ssh or also lockup local connexions if someone mistypes his password too
often ?

Regards,

-- 
Nicolas Mailhot

Follow-Ups:
- Re: Protecting against ssh brute-force attacks
  - From: Neal Becker

References:
- Protecting against ssh brute-force attacks
  - From: Nicolas Mailhot
- Re: Protecting against ssh brute-force attacks
  - From: Warren Togami
- Re: Protecting against ssh brute-force attacks
  - From: Tomas Mraz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]