On Fri, 8 October, 2004 8:44 am, spam maps said: > Vulpes Velox wrote: >> On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) Luke <[EMAIL PROTECTED]> wrote: >> >>> There are several script kiddies out there hitting my SSH server >>> every day. Sometimes they attempt to brute-force their way in >> >> man login.conf for more info :) > > I'm just guessing, but are you trying to tell me that "login-retries" in > login.conf is useful? > > I have tried that by setting it to 2, but it seems to have no effect on > the sshd login behaviour. I always can try the password 6 times: > > $ ssh [EMAIL PROTECTED] > Password: > Password: > Password: > [EMAIL PROTECTED]'s password: > Permission denied, please try again. > [EMAIL PROTECTED]'s password: > Permission denied, please try again. > [EMAIL PROTECTED]'s password: > Permission denied (publickey,password,keyboard-interactive). > $ > > So could you be a little more specific as to where login.conf is of help > here?
This is still only one *connection* - sshd will offer you (or anyone else who can connect) a certain number of chances to prove your identity. Login.conf can't help with this. You can configure sshd to stop offering the keyboard-interactive auth method - set ChallengeResponseAuthentication no in /etc/ssh/sshd_config and HUP the daemon. You will no longer see the first three Password: prompts. Login.conf can help you to limit the number of successive login attempts. Make sure you run "cap_mkdb /etc/login.conf" whenever you edit the file, or you will not enable your changes. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
