[Dshield] SSH Bots
Richard H. Fifarek
richard.fifarek at noaa.gov
Tue Mar 7 14:04:33 GMT 2006
Jon R. Kibler wrote:
> I don't see any modules to this in default FC/4
> or Solaris 9/10 distros. Anyone know if this can be done and/or how to do it?
The module that we use is pam_tally on RedHat/FC machines, part of the
#> rpm -ql pam|grep tally
Add/replace lines similar to the following at the beginning of /etc/pam.d/sshd:
    auth required pam_tally.so no_magic_root
    account required pam_tally.so deny=5 no_magic_root
- no_magic_root exempts the root account from being locked, but
still maintains a count of failed logins. root shouldn't be allowed in
via ssh anyhow.
- deny=5 sets the failed logins to 5 before the account is locked.
/sbin/pam_tally is the command line tool used to list locked accounts,
unlock locked accounts, etc.
We've never tried this on Solaris, but I imagine it could be made to
work. As other folks have mentioned, if you can, shared keys are a
better way to go.
Richard Fifarek <richard.fifarek at noaa.gov>
Physical Sciences Division
NOAA/OAR/Earth System Research Laboratory
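
The placement and options described in the message above can be checked mechanically on a PAM service file. The following shell function is an added example, not part of the original post; the name check_pam_tally and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_pam_tally FILE   (hypothetical helper name, added example)
# Reports whether FILE carries the pam_tally lines from the message above.
# Returns 0 only when nothing is missing or misordered.
check_pam_tally() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }            # skip comments and short lines
        {
            is_tally = ($0 ~ /pam_tally\.so/)
            if ($1 == "auth") {
                n_auth++                         # position within the auth stack
                if (is_tally && !auth_pos) auth_pos = n_auth
            }
            if ($1 == "account" && is_tally) account_seen = 1
            if (is_tally)
                for (i = 3; i <= NF; i++)        # module options start at field 3
                    if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6) + 0
        }
        END {
            if (!auth_pos)          { print "missing: auth pam_tally.so line"; bad = 1 }
            else if (auth_pos != 1) { print "order: pam_tally.so is not the first auth entry"; bad = 1 }
            if (!account_seen)      { print "missing: account pam_tally.so line"; bad = 1 }
            if (deny < 1)           { print "missing: deny=N on a pam_tally.so line"; bad = 1 }
            else                      print "ok: accounts lock after " deny " failed logins"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the two lines from the message, then a further auth entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth     required pam_tally.so no_magic_root
account  required pam_tally.so deny=5 no_magic_root
auth     required pam_unix.so
EOF
check_pam_tally "$sample" || true
rm -f "$sample"
```

On a real host the argument would be /etc/pam.d/sshd; an "order" finding means an earlier auth entry runs before the tally is updated.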