Problems with openssh and pam_abl
Christian Meier
public at meierchristian.de
Sun Dec 11 09:29:43 EST 2005
I want to use sshd together with pam_abl to reduce
the logfile spamming caused by ssh attacks.

So the problem is as follows:
Setting maxAuthTries to 0 or any other value smaller than the default
of 6 changes the behaviour of pam_abl.

First (but this also happens without using the maxAuthTries option):
if the client side closes the connection after, for example, one failed
authentication try, then the pam module is not notified, so no
failed login is recorded in the pam_abl database.

Second, although the client does not close the connection until it gets the error
notification "Received disconnect from <IP>: 2: Too many authentication
failures for ..." the pam_abl module does not get any notification of
failed login(s). (This second problem only appears when using the
maxAuthTries option.)

So I hope anybody knows the answer or can tell me what to change in
the source code.

I personally think that somewhere a final cleanup or
finishing of the pam conversation is missing when the connection is closed on the
client side.
More information about the openssh-unix-dev
mailing list