Preventing brute force ssh attacks (pam_shield)

Posted Oct 29, 2007 18:24 UTC (Mon) by dag- (subscriber, #30207)
Parent article: Preventing brute force ssh attacks

Something that I haven't seen mentioned in these discussions is pam_shield. It hooks into PAM,
actively knows and registers when a failed attempt to log on has happened and takes action when
something is beyond a certain threshold.

The default action it takes is to null-route the source IP address for a certain amount of
time (configurable).

You can provide a list of networks that it should never null-route (to protect your own
systems from being blocked this way).

To me this system is perfect since:

 - it does not have to scan log files every X time

 - it does not mess around with the firewall (or it could if you so like)

 - it works on more than just SSH (FTP or anything else in PAM)

 - it is pretty simple and straightforward to use

 - it is very customizable as the action to take can be a simple script

You can get pam_shield from:

    http://www.ka.sara.nl/home/walter/pam_shield/
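
A small model of the behaviour described in the comment above (per-source failure counting, a threshold, a timed block, and a never-block network list), added here as an illustration; it is not pam_shield's code and not part of the original comment. The class name, parameters, sliding-window counting and the `action` callback (standing in for the action script) are assumptions, and the events are constructed.

```python
import ipaddress

class ShieldModel:
    """Toy model: count failed logins per source, block past a threshold."""

    def __init__(self, max_failures, window, block_for, allow, action):
        self.max_failures = max_failures  # failures tolerated inside `window`
        self.window = window              # seconds over which failures count
        self.block_for = block_for        # seconds a source stays blocked
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.action = action              # callable(verb, ip), the "script"
        self.failures = {}                # ip -> timestamps of recent failures
        self.blocked = {}                 # ip -> time at which the block ends

    def is_allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def expire(self, now):                # lift blocks whose time has run out
        for ip in [i for i, until in self.blocked.items() if until <= now]:
            del self.blocked[ip]
            self.action("unblock", ip)

    def auth_failed(self, ip, now):
        """Record one failed login; return True if `ip` is blocked afterwards."""
        self.expire(now)
        if self.is_allowed(ip):
            return False                  # never block the listed networks
        if ip in self.blocked:
            return True
        recent = [t for t in self.failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) > self.max_failures:
            self.blocked[ip] = now + self.block_for
            del self.failures[ip]
            self.action("block", ip)
            return True
        return False

def demo():
    log = []
    s = ShieldModel(3, 60, 600, ["10.0.0.0/8"], lambda v, ip: log.append((v, ip)))
    events = [("203.0.113.7", t) for t in (0, 5, 10, 15)]      # constructed data
    events += [("10.1.2.3", t) for t in (20, 21, 22, 23, 24)]  # allowlisted source
    events += [("198.51.100.9", 30), ("198.51.100.9", 200), ("203.0.113.7", 700)]
    for ip, t in events:
        s.auth_failed(ip, t)
    return log, s.blocked
```
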

