limiting ssh logins

Kevin D. Kinsey, DaleCo, S.P. kdk at
Sat Nov 13 13:55:27 GMT 2004

dave wrote:

>    I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
>limit how many ssh logins can be atempted? I'd like to kick off a user who
>tries to log in repeatedly with the wrong password or tries x times within a
>minute, my purpose is to slow down hacking atempts in situations where
>public key authentication is not possible.

# man login.conf     | grep -A 5 -B 5 retries

     login_prompt     string              The login prompt given by login(1)
     login-backoff    number    3         The number of login attempts 
                                          before the backoff delay is 
                                          after each subsequent attempt.
     login-retries    number    10        The number of login attempts 
                                          before the login fails.
     passwd_format    string    md5       The encryption format that new or
                                          changed passwords will use.  Valid
                                          values include "des", "md5" and
                                          "blf".  NIS clients using a

More information about the freebsd-questions mailing list