SSHD Feature Request
Darren Tucker
dtucker at zip.com.au
Sat May 14 10:50:04 EST 2005
David Leonard wrote:
> On Fri, 13 May 2005, Seann Herdejurgen wrote:
>
>>a valid user/pass combination. To combat this, I would like to request
>>an sshd_config option that would cause the running sshd parent process
>>to keep track of login failures by IP address. If there are more than X
>>number of login failures for a particular IP address over a fixed period
>>of time, simply deny login to all attempts after the first X tries.
>
>
> check out pam_tally. I've not used it but googling shows some reports of
> success with ssh.
Also pam_abl. It allows blocking by source IP not just by account.
http://www.hexten.net/sw/pam_abl/index.mhtml
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list