Protecting against ssh brute-force attacks
Warren Togami
wtogami at redhat.com
Wed Nov 2 01:40:36 UTC 2005
Nicolas Mailhot wrote:
> Hi,
>
> I see denyhosts and pam_abl are both in extras. Perhaps there are even
> other packages devoted to defending against ssh brute-force attacks.
>
> Anyone tried them ? Care to recommend one or the other ?
I just tried denyhosts. It seems to worked as advertised, although I
wonder why FE5 has the latest 1.1.2 version while FE3 and FE4 contain
1.0.2. I tested the 1.1.2 SRPM rebuilt on FE3 and it seems to work fine.
I haven't tried pam_abl, but I am guessing that it reacts faster to an
attack than denyhosts. The packaged denyhosts defaults to 30 seconds
between log checks when in daemon mode. This is good enough, although I
wonder if pam_abl is more efficient by not re-reading the logs often.
(Just guessing how it works...)
Warren Togami
wtogami at redhat.com
More information about the fedora-extras-list
mailing list