List:       openssh-unix-dev
Subject:    Re: How to use SSH with Failed Login attempts and locking accounts
From:       bob () proulx ! com (Bob Proulx)
Date:       2006-07-26 16:02:37
Message-ID: 20060726160237.GA21432 () dementia ! proulx ! com

Hughes Andy wrote:
> I am using openssh  (OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005) on MP-RAS
> Version 3.3.1.8 and 3.2 and I desire to allow a user to fail login for
> any reason only 3 (three) times and then lock the account.

That is a very bad idea for many reasons.  If you search around you
will find references to denial of service attacks due to
configurations such as what you propose.  The basic problem is that an
attacker will disable the account for a valid user.

Why do you want to do this?  It is computationally infeasible to brute
force through a password cracking attempt from the remote interface.

Bob