
Preventing brute force ssh attacks

Posted Nov 7, 2007 12:31 UTC (Wed) by jlmassir (guest, #48904)
Parent article: Preventing brute force ssh attacks

The article fails to cover the standard PAM module pam_tally. It locks an 
account being attacked for some time and is very simple to configure. In my 
Debian server I put 

in /etc/pam.d/common-account:
account required pam_tally.so

in /etc/pam.d/common-auth:
auth required pam_tally.so deny=5 unlock_time=300

That will lock an account being attacked for 300 seconds if the password 
failed 5 times. It is effective for all services using PAM authentication, 
like IMAP and authenticated SMTP. Just warn users that they will have to 
expect to wait 5 minutes if they fail to log in 5 times.

Also, with any brute force attack countermeasures, in a multi-user system 
one must be sure that passwords are strong (if some user chooses their own 
username as the password, chances are that the account will be cracked in 
a single try). One cannot rely on advising people to be responsible. 
Therefore, password cracking tools like John the Ripper are very useful. 
That should be covered in the article too.

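To make the deny=5 / unlock_time=300 behaviour described in the comment concrete, here is an added Python model of the lockout counter. It is not pam_tally's source and not part of the original post; it assumes a simplified version of the faillog record (a per-user failure count and the time of the last counted attempt), that an attempt against a locked account is still counted and so refreshes the lock, that the counter starts over once unlock_time has elapsed, and that a successful login resets it. The scenario events and user names are constructed for the demonstration.

```python
"""Model of pam_tally's deny=/unlock_time= lockout (added example, not pam_tally code)."""
from dataclasses import dataclass

DENY = 5           # failures before lockout, as in the post's deny=5
UNLOCK_TIME = 300  # seconds until the lock expires, as in the post's unlock_time=300


@dataclass
class Tally:
    failures: int = 0        # counted attempts since the last reset
    last_attempt: float = 0  # time of the last counted attempt (seconds)


class TallyPolicy:
    """Per-user failure counter; an assumed simplification of pam_tally's faillog record."""

    def __init__(self, deny=DENY, unlock_time=UNLOCK_TIME):
        self.deny = deny
        self.unlock_time = unlock_time
        self.tallies = {}  # user -> Tally

    def is_locked(self, user, now):
        t = self.tallies.get(user)
        if t is None or t.failures < self.deny:
            return False
        return now - t.last_attempt < self.unlock_time

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'denied' or 'ok' for one login attempt at time `now`."""
        t = self.tallies.setdefault(user, Tally())
        if self.is_locked(user, now):
            # Assumption of this model: the attempt is counted before the password
            # is checked, so hammering a locked account keeps it locked and the
            # right password does not get in until unlock_time has passed.
            t.failures += 1
            t.last_attempt = now
            return "locked"
        if t.failures >= self.deny:
            # unlock_time has elapsed: the counter starts over (model assumption)
            t.failures = 0
        if password_ok:
            t.failures = 0  # success resets the tally, like the account-phase entry
            return "ok"
        t.failures += 1
        t.last_attempt = now
        return "denied"


def run_scenario(policy=None):
    """Constructed scenario: bob fails 5 times, then tries the right password
    inside and after the 300-second window; alice is unaffected."""
    policy = policy or TallyPolicy()
    events = [  # (user, password_ok, time in seconds)
        ("bob", False, 0), ("bob", False, 1), ("bob", False, 2),
        ("bob", False, 3), ("bob", False, 4),
        ("bob", True, 10),    # correct password, but still within the lock
        ("alice", True, 11),  # other users are not affected by bob's tally
        ("bob", True, 310),   # lock (refreshed at t=10) has expired
    ]
    return [policy.attempt(user, ok, when) for user, ok, when in events]


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

The sixth event is the point the commenter warns users about: a legitimate login with the correct password is refused while the lock is in force, and because the locked attempt is counted, the five-minute wait runs from the last attempt, not from the fifth failure.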

Copyright © 2017, Eklektix, Inc.