limiting ssh logins
Kevin D. Kinsey, DaleCo, S.P.
kdk at daleco.biz
Sat Nov 13 13:55:27 GMT 2004
> I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
>limit how many ssh logins can be atempted? I'd like to kick off a user who
>tries to log in repeatedly with the wrong password or tries x times within a
>minute, my purpose is to slow down hacking atempts in situations where
>public key authentication is not possible.
# man login.conf | grep -A 5 -B 5 retries
login_prompt string The login prompt given by login(1)
login-backoff number 3 The number of login attempts
before the backoff delay is
after each subsequent attempt.
login-retries number 10 The number of login attempts
before the login fails.
passwd_format string md5 The encryption format that new or
changed passwords will use. Valid
values include "des", "md5" and
"blf". NIS clients using a
More information about the freebsd-questions