Am looking for a way to delay failed logins after three attempts using ssh.
So, a user/hacker enters a failed password and on the fourth attempt they have to wait x minutes or whatever before they can try again.
Is there a script available or an existing file I can edit to achieve this?
Basically though there are a few options (don't know the exact names off the top of my head) that allow you to set the number of failed logins allowed, timeouts, etc. All this is done through your sshd_config file (normally in /etc/).
It doesn't seem like FAIL_DELAY is implemented in the non-commercial ssh, but you could possibly use PAM or tcpwrappers to get around this.
Also, play around with lowering the LoginGraceTime value to stop failed connections from piling up.
Another option entirely is to block the offending IP address if they fail a certain number of times.
Thank you for ALL the replies. Not sure why one or two of you seem to get upset by some of the replies to my question, perhaps a "chill pill" is needed? LOL.
I did look around the forum first but most of the possible answers revolved around blocking / banning IPs, which is not what I want to do. The DenyHosts app would seem to cover my needs but is a little "over the top" or bloated. However, I think I can adjust it to get what I am after if nothing else comes up.
Thanks for the help and advice.
Well, the thing is that ssh DOESN'T have the facility,
you have to work around it somehow. DenyHosts (with
the expiry set to 10 minutes) may well give you the
desired effect, or what did you expect to happen when
a connection attempt is made in those 10 minutes?
The next alternative would be to edit the sshd source
to your heart's content and add that nifty feature yourself :}
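
The temporary block discussed in the replies above (three failed passwords, then a wait that expires after 10 minutes), modelled over sshd log lines. This is an added example, not part of the original thread and not DenyHosts code; the function name is hypothetical, and the log lines are constructed and assume RFC 3339 timestamps rather than the traditional syslog format.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # failures allowed before the delay applies
LOCK_TIME = timedelta(minutes=10)    # the "x minutes" from the question

# Matches sshd password results such as
# "... sshd[4101]: Failed password for invalid user bob from 192.0.2.1 port 22 ssh2"
EVENT = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "2024-05-01T10:00:01+00:00 host1 sshd[4101]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "2024-05-01T10:00:04+00:00 host1 sshd[4101]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "2024-05-01T10:00:09+00:00 host1 sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2",
    "2024-05-01T10:01:00+00:00 host1 sshd[4110]: Failed password for alice from 198.51.100.7 port 40022 ssh2",
    "2024-05-01T10:01:20+00:00 host1 sshd[4110]: Accepted password for alice from 198.51.100.7 port 40022 ssh2",
    "2024-05-01T10:03:00+00:00 host1 sshd[4120]: Failed password for root from 203.0.113.5 port 51200 ssh2",
]

def locked_sources(lines, now):
    """Return {ip: lock expiry} for sources still inside their delay at `now`."""
    failures = {}   # ip -> consecutive failures since the last success or lock
    locked = {}     # ip -> time at which the lock expires
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in locked:
            if ts < locked[ip]:
                continue          # attempt made during the delay: would be refused
            del locked[ip]        # delay has expired, start counting again
        if m["result"] == "Accepted":
            failures.pop(ip, None)    # a good login clears the failure count
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= MAX_FAILURES:
            locked[ip] = ts + LOCK_TIME
            failures.pop(ip)
    return {ip: until for ip, until in locked.items() if until > now}

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-01T10:05:00+00:00")
    for ip, until in locked_sources(SAMPLE_LOG, now).items():
        print(f"{ip} must wait until {until.isoformat()}")
```

The function only decides which sources are inside their delay; refusing them is left to whatever enforces it (tcpwrappers, a firewall rule, or PAM, as the replies suggest).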