ssh and pam

isuck@linux · 11-14-2006, 02:06 PM

I just installed a new debian box, it's going to be an external relay so I want it to be really secure. I have never secured a linux box so I started reading about PAM and ssh. I was following steps in this debian security guide:
http://www.debian.org/doc/manuals/se...to/ch4.en.html
now when I tested what I did I got nothing new, I can't get the FAIL_DELAY command to work with PAM and the failed login is still 7 when I actually put 3 retries in /etc/pam.d/ssh and login. Does anyone know how to add a fail delay to the ssh login and what I could be missing?. TIA

unSpawn · 11-14-2006, 08:36 PM

The delay is hardcoded in OpenSSH AFAIK. For a "three strikes out" approach check out pam_tally. If this really is about SSH bruteforcing better harden SSH by disabling protocol 1, root account and password logins and pick one method out of http://www.linuxquestions.org/questi...d.php?t=340366 as well. BTW, I hope you did your basic host hardening before this all?

isuck@linux · 11-15-2006, 11:58 AM

Thanks for your reply. I don't know what you mean by basic host hardening, I disabled telnet, created a group for su and sudo users and shutdown unnecessary services, is that what you mean by basic host hardening?