Joe Landman wrote:
Use pam_abl. Really. Even if the password were weak, and they guessed
it on the 57th try, pam_abl will stop the login. Read the manual.
Adjust the config settings.
Our ssh logs are scary, have been for a while. They aren't the scariest
of our logs.
DenyHosts works on a similar principle -
http://denyhosts.sourceforge.net/ although pam_abl's pretending to
accept logins even when the attacker has been blacklisted sounds
downright sneaky!
Could make for an interesting Monday morning pre-coffee login session
though - as you wonder why your initially mistyped password still isn't
working after 50 login attempts :)
Even paranoids have enemies.
or "I've only been paranoid since they started watching me"?
-stephen
--
Stephen Mulcahy, Applepie Solutions Ltd., Innovation in Business Center,
GMIT, Dublin Rd, Galway, Ireland. +353.91.751262 http://www.aplpi.com
Registered in Ireland, no. 289353 (5 Woodlands Avenue, Renmore, Galway)
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
