From owner-freebsd-questions@FreeBSD.ORG Sun Jun 22 15:28:30 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6D6051E2 for ; Sun, 22 Jun 2014 15:28:30 +0000 (UTC) Received: from mail-vc0-x22f.google.com (mail-vc0-x22f.google.com [IPv6:2607:f8b0:400c:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2E5C92E36 for ; Sun, 22 Jun 2014 15:28:30 +0000 (UTC) Received: by mail-vc0-f175.google.com with SMTP id hy4so4995723vcb.34 for ; Sun, 22 Jun 2014 08:28:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=4xA5blzQhafMd//JEmSxZM7p/keZ2OmrUXVLL7aLBBw=; b=vAJBECPCChNxrpeNL0QEYw5iiB90yFfMtBXdrFfykp2gt4y6eiyVSOE/lX6cGyuQ4w ZjYrFU57FD9BQjrm5o4k1u51D5WDvRCmRXE21VN3d5Jk4mRP9G4bo3oYI+v0JTZET8QY hAN3FVPxpE12ObnudOoQ2nlaCtpASsBHFzzeDqjPts05SvY3P88fo6w+/QRaz32ws7QE 26dNS7p9fPgao06tKRek8AheZ2Yzg9uOrjmCMzEyTaUMUsrhhnICDth7EBdwjPSt+Ehb Lwj/ZHoAlmeycPW0oOt24v3oG5RaIN1uuGxC+9GTANcnkHK/Na5+/q4VaSHwU+PenhtD RurQ== MIME-Version: 1.0 X-Received: by 10.220.182.5 with SMTP id ca5mr72160vcb.50.1403450909351; Sun, 22 Jun 2014 08:28:29 -0700 (PDT) Sender: christopher.maness@gmail.com Received: by 10.58.191.35 with HTTP; Sun, 22 Jun 2014 08:28:29 -0700 (PDT) In-Reply-To: References: Date: Sun, 22 Jun 2014 08:28:29 -0700 X-Google-Sender-Auth: _NsCuoWJvochAndWHRCkh7vhf20 Message-ID: Subject: Re: PAM: Authentication Attack? From: Chris Maness To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jun 2014 15:28:30 -0000 After digging around I am going to use sshgaurd-pf. Any opinions on this software? Chris On Sun, Jun 22, 2014 at 8:00 AM, Chris Maness wrote: > I am running denyhost for failed sshd logins, but I am not sure if it > blocks passwordless PAM attempts. I am having a lot of hits right now > on PAM failures for my root account. > > Any suggestions as far as a good way to deal with this? > > Thanks, > Chris