If you use PAM, have a read on: 'man pam_fail_delay'. Also, if you are doing this because someone is banging on your sshd from say the Internet, then you should also look at the following sshd_config options: PermitRootLogin AllowUsers
Ideally, you'd want to setup RSA key based authorization, and disable regular logins completely. This is not always acceptable for people, but generally seems to be the most 'secure' way of setting up remote ssh access. 'man sshd_config' provides all of the juicy details here... hth, --James On Saturday 09 April 2005 08:23, James R. Campbell wrote: > SSH2 supports the 'PasswordGuesses' option to the sshd_config file, but > OpenSSH relies on your authorization mechanism to take care of this type of > thing, IIRC. > > 'FAIL_DELAY' and 'LOGIN_RETRIES' paramaters in your /etc/login.defs are > probably what you are after if you have them in use. 'man 5 login.defs' > should give you what you need. > > --James > > On Friday 08 April 2005 17:29, A. Khattri wrote: > > Was wondering if there's a way to put a temporary lock on account if > > there are too many login failures? By temporary I mean locked for a > > certain period of time. (This is for ssh BTW). -- -- -- --This Message Powered by Linux-- --Registered Linux User 227032-- James R. Campbell, Owner Reliant Data Systems 875 Pebble Lane Florissant, MO 63033 (314) 616-1651 (Phone) http://www.reliant-data.com
pgpOwO92UoCMQ.pgp
Description: PGP signature
