Hi. On all my machines, I install denyhosts with a two hour timeout (DAEMON_PURGE = 2h), to block those trying to brute force a ssh login. Should we do something similar on the Freedombox?
In addition to denyhosts (which only handle ssh), there are other relevant packages in Debian: libpam-shield - locks out remote attackers trying password guessing libpam-abl - blocks hosts which are attempting a brute force attack Anyone I missed? Should we set up one of these on the Freedombox? Only denyhosts and libpam-shield seem to configure itself out of the box. The default for denyhosts is to block forever, while my experience is that this can cause denial of service if I type the wrong ssh key password three times or cancel a commit over ssh, so in my view it si too agressive, and a sensible timeout is needed. Most attackers give up after few minutes after they are blocked. I do not know the two pam modules, so I do not know if they have a timeout by default. -- Happy hacking Petter Reinholdtsen _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
