Problems with openssh and pam_abl

Christian Meier public at
Sun Dec 11 09:29:43 EST 2005

I want to use sshd together with pam_abl to reduce
that logfile spamming with ssh attacks.

So the problem is as follows:

Setting maxAuthTries to 0 or any other values smaller than the default 
of 6 changes the behaviour of pam_abl.

First, but this also happens with not using maxAuthTries option, is:
if the clientside closes connection after for example one failed 
authentication try then the pam module is not being notified, so no 
failed login is recorded in pam_abl database.

Second, altough client does not close connection until it gets the error 
notification "Received disconnect from <IP>: 2: Too many authentication 
failures for ..." the pam_abl module does not get any notification of 
failed login(s). (This second problem only appears when using parameter 
maxauthtries option)

So I hope anybody knows the answer or can say me what to change in 
source code.

I personally think that somewhere there's missing a final cleanup or 
finishing of pam conversation when connection is getting closed at 
client side.

More information about the openssh-unix-dev mailing list