Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Am looking for a way to delay failed logins after three attempts using ssh.
So, a user /hacker enters a failed password and on the fourth attempt they have to wait x minutes or whatever before they can try again.
Is there a script available or an existing file i can edit to achieve this?
Basically though there are a few options (don't know the exact names off the top of my head) that allow you to set the number of failed logins allowed, timeouts, etc. All this is done through your sshd_config file (normally in /etc/).
It doesn't seem like FAIL_DELAY is implemented in the non-commercial ssh, but you could possibly use pam or tcpwrappers to get around this.
Also, play around with lowering the LoginGraceTime value to stop failed connections from piling up.
Another option entirely is to block the offending IP address if they fail a certain number of times.
Thankyou for ALL the replies. Not sure why one or two of you seem to get upset by some of the replies to my question, perhaps a "chill pill" is needed? LOL.
I did look around the forum first but most of the possible answers revolved around blocking / banning IPs which is not what i want to do. The denyhosts app would seem to cover my needs but is a litte "over the top" or bloated. However i think i can adjust it to get what i am after if nothing else comes up.
Thanks for the help and advice.
Well, the thing is that ssh DOESN'T have the facility,
you have to work around it somehow. Denyhost (with
the expiry set to 10 minutes) may well give you the
desired effect, or what did you expect to happen when
a connection attempt is made in those 10 minutes?
The next alternative would be to edit the sshd source
to your hearts content and add that nifty feature yourself :}