From: "Daniel Bye"
To: freebsd-questions@freebsd.org
Date: Fri, 8 Oct 2004 11:25:10 +0100 (BST)
Subject: Re: Protecting SSH from brute force attacks
Message-ID: <65066.154.8.22.73.1097231110.squirrel@154.8.22.73>
In-Reply-To: <20041008074451.37565.qmail@web54004.mail.yahoo.com>

On Fri, 8 October, 2004 8:44 am, spam maps said:
> Vulpes Velox wrote:
>> On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) Luke wrote:
>>
>>> There are several script kiddies out there hitting my SSH server
>>> every day. Sometimes they attempt to brute-force their way in
>>
>> man login.conf for more info :)
>
> I'm just guessing, but are you trying to tell me that "login-retries" in
> login.conf is useful?
>
> I have tried that by setting it to 2, but it seems to have no effect on
> the sshd login behaviour. I always can try the password 6 times:
>
> $ ssh myname@my.own.pc
> Password:
> Password:
> Password:
> myname@my.own.pc's password:
> Permission denied, please try again.
> myname@my.own.pc's password:
> Permission denied, please try again.
> myname@my.own.pc's password:
> Permission denied (publickey,password,keyboard-interactive).
> $
>
> So could you be a little more specific as to where login.conf is of help
> here?

This is still only one *connection* - sshd will offer you (or anyone else
who can connect) a certain number of chances to prove your identity.
Login.conf can't help with this.

You can configure sshd to stop offering the keyboard-interactive auth
method - set

    ChallengeResponseAuthentication no

in /etc/ssh/sshd_config and HUP the daemon. You will no longer see the
first three Password: prompts.

Login.conf can help you to limit the number of successive login attempts.
Make sure you run "cap_mkdb /etc/login.conf" whenever you edit the file, or
you will not enable your changes.

Dan

-- 
Daniel Bye
PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
 _    ASCII ribbon campaign
( )   - against HTML, vCards and
 X    - proprietary attachments in e-mail
/ \
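Dan's point is that the six prompts in the quoted session all belong to one connection, which is why a per-login limit in login.conf does not change what the poster sees. The following Python script is an added illustration of that distinction, not part of the thread: it reads sshd syslog lines in the standard OpenSSH "Failed <method> for <user> from <ip> port <n>" format (the sample lines are constructed, and the hostname, pids and addresses in them are made up), groups failures by the sshd child pid (one child per connection) and reports, per source, how many connections were opened, how many attempts were made in total, the most attempts seen on a single connection, and which auth methods were tried.

```python
import re
from collections import defaultdict

# Constructed sample of sshd syslog output (not from the thread): pid 5123 uses
# all six prompts on one connection, 203.0.113.7 reconnects for every guess.
SAMPLE_LOG = """\
Oct  8 11:25:10 catflap sshd[5123]: Failed keyboard-interactive/pam for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:25:12 catflap sshd[5123]: Failed keyboard-interactive/pam for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:25:14 catflap sshd[5123]: Failed keyboard-interactive/pam for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:25:16 catflap sshd[5123]: Failed password for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:25:18 catflap sshd[5123]: Failed password for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:25:20 catflap sshd[5123]: Failed password for myname from 192.0.2.10 port 51234 ssh2
Oct  8 11:30:01 catflap sshd[5200]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Oct  8 11:30:05 catflap sshd[5201]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  8 11:30:09 catflap sshd[5202]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Oct  8 11:31:00 catflap sshd[5210]: Accepted publickey for dan from 192.0.2.20 port 33000 ssh2
"""

# sshd forks one child per connection, so the pid in the syslog tag identifies
# the connection an attempt belongs to; the "invalid user " prefix is optional.
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?:invalid user )?"
    r"\S+ from (?P<ip>\S+) port \d+"
)

def summarize(text):
    """Per source address: distinct connections, total failed attempts, the
    largest number of failures on one connection, and the auth methods seen."""
    conns = defaultdict(lambda: defaultdict(int))   # ip -> pid -> failures
    methods = defaultdict(set)
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m is None:          # accepted logins and unrelated lines are skipped
            continue
        conns[m["ip"]][m["pid"]] += 1
        methods[m["ip"]].add(m["method"])
    return {
        ip: {
            "connections": len(pids),
            "attempts": sum(pids.values()),
            "max_per_connection": max(pids.values()),
            "methods": sorted(methods[ip]),
        }
        for ip, pids in conns.items()
    }

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```

A high "max_per_connection" with both keyboard-interactive/pam and password listed is the single-connection pattern in the quoted session; a high "connections" count with one attempt each is the repeated-connection pattern that a limit on successive logins is aimed at.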