From owner-freebsd-questions@FreeBSD.ORG Sat Nov 13 13:55:27 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B872916A4CE
	for ; Sat, 13 Nov 2004 13:55:27 +0000 (GMT)
Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F77343D2D
	for ; Sat, 13 Nov 2004 13:55:27 +0000 (GMT)
	(envelope-from kdk@daleco.biz)
Received: from [69.27.131.0] ([69.27.131.0]) by ns1.tiadon.com with Microsoft SMTPSVC(6.0.3790.211);
	Sat, 13 Nov 2004 07:51:52 -0600
Message-ID: <41961256.5050309@daleco.biz>
Date: Sat, 13 Nov 2004 07:55:34 -0600
From: "Kevin D. Kinsey, DaleCo, S.P."
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20041023
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: dave
References: <000501c4c934$21a46200$0200a8c0@satellite>
In-Reply-To: <000501c4c934$21a46200$0200a8c0@satellite>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 13 Nov 2004 13:51:52.0827 (UTC) FILETIME=[EE41BCB0:01C4C987]
cc: Drew Tomlinson
cc: freebsd-questions@freebsd.org
Subject: Re: limiting ssh logins
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 13 Nov 2004 13:55:27 -0000

dave wrote:

>Hello,
>    I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
>limit how many ssh logins can be attempted? I'd like to kick off a user who
>tries to log in repeatedly with the wrong password or tries x times within a
>minute, my purpose is to slow down hacking attempts in situations where
>public key authentication is not possible.
>Thanks.
>Dave.
>
>
>

# man login.conf | grep -A 5 -B 5 retries
     login_prompt     string              The login prompt given by login(1)
     login-backoff    number    3         The number of login attempts
                                          allowed before the backoff delay
                                          is inserted after each subsequent
                                          attempt.
     login-retries    number    10        The number of login attempts
                                          allowed before the login fails.
     passwd_format    string    md5       The encryption format that new or
                                          changed passwords will use.  Valid
                                          values include "des", "md5" and
                                          "blf".  NIS clients using a
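
Added example, not part of the original message and not FreeBSD code: a small Python auditor that reads login.conf-style records and reports the effective login-retries and login-backoff of each login class, falling back to the defaults shown in the man page excerpt above. The sample records, the class names and the max_retries threshold are constructed assumptions, and tc= inheritance is resolved in a simplified way.

```python
import re

# Defaults as listed in the man page excerpt above.
DEFAULTS = {"login-retries": 10, "login-backoff": 3}

# Constructed sample fragment (class names are hypothetical).
SAMPLE = r"""
default:\
    :passwd_format=md5:\
    :login-backoff=3:
remote|Constructed example class:\
    :login-retries=3:\
    :login-backoff=1:\
    :tc=default:
staff:\
    :tc=remote:
"""

def parse_login_conf(text):
    """Return {class: {capability: value}} for each record in the text."""
    joined = re.sub(r"\\\n[ \t]*", "", text)  # join continuation lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        caps = {}
        for field in filter(None, fields[1:]):
            key, _, value = field.partition("=")
            caps.setdefault(key, value)
        classes[fields[0].split("|")[0]] = caps  # first name is the class
    return classes

def effective(classes, name, cap, seen=()):
    """Resolve cap for a class via tc=, falling back to DEFAULTS.
    Simplified: a class's own setting always beats an inherited one."""
    caps = classes.get(name, {})
    if cap in caps:
        return int(caps[cap])
    parent = caps.get("tc")
    if parent and parent != name and parent not in seen:
        return effective(classes, parent, cap, seen + (name,))
    return DEFAULTS[cap]

def audit(text, max_retries=5):  # max_retries: hypothetical policy limit
    """Return (class, retries, backoff, within_limit) for every class."""
    classes = parse_login_conf(text)
    rows = []
    for name in classes:
        retries = effective(classes, name, "login-retries")
        backoff = effective(classes, name, "login-backoff")
        rows.append((name, retries, backoff, retries <= max_retries))
    return rows
```

Calling `audit(SAMPLE)` shows that the constructed `default` class silently keeps the 10-attempt default because it never sets login-retries, while `staff` inherits the tighter values through `tc=remote`.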