Two part SSH authentication with key and remote unix password
Carl Friis-Hansen
ubuntuuser at carl-fh.com
Fri May 15 07:16:12 UTC 2009
komputes wrote:
> I would like to edit the PAM authentication procedure for SSH so that a
> key is needed to connect, but then the remote UNIX password is requested
> before sending a command prompt.
>
> Another nice-to-have is if the password authentication fails 9 times (3
> connection attempts) the IP is logged and blocked, using ufw syntax
> (preferred over iptables).
>
> In my head it looks a little something like this:
>
> ssh bob@remote.server
> |
> |
> Public Key?--[no]--> Fail - disconnect and log attempt
> |
> [yes]
> |
> UNIX Password?--[no]--> Fail*3=disconnect and log attempt.
> Fail*9=block IP.
> |
> [yes]
> |
> Great Success -> bob@remote:~$
>
> If anyone has the smarts to guide me through this I'd appreciate the help.
>
> -komputes
Could you use something like pam-abl?
http://tech.tolero.org/blog/en/linux/ssh-password-brute-force-protection
--
---------=oOOo=---------
Carl Friis-Hansen
http://carl-fh.com/
Phone: +46 372 15033
---------=oOOo=---------
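
Added example, not part of the original thread and not pam-abl's own code: a log-based sketch of the "9 failed passwords, then block with ufw" step from the question. It counts sshd "Failed password" lines per source address and returns the ufw rules to apply. The function names, the `allowlist` parameter and the log lines are constructed for illustration; the key-then-password flow itself is what OpenSSH 6.2 and later provide with `AuthenticationMethods publickey,password` in sshd_config.

```python
import ipaddress
import re
from collections import Counter

# The username is chosen by the client, so anchor on the END of the line:
# the greedy ".*" makes the last "from <ip> port <n> ssh2" (written by sshd)
# the one that is captured, not text embedded in the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)
BLOCK_THRESHOLD = 9  # from the post: 3 connection attempts x 3 password tries


def count_failures(lines):
    """Return a Counter of failed-password events keyed by source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))  # reject non-addresses
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def ufw_block_rules(lines, threshold=BLOCK_THRESHOLD, allowlist=()):
    """Build ufw commands for every address at or above the threshold."""
    return [
        f"ufw insert 1 deny proto tcp from {ip} to any port 22"
        for ip, n in sorted(count_failures(lines).items())
        if n >= threshold and ip not in allowlist  # never block admin hosts
    ]


# Constructed sample in auth.log format (documentation address ranges).
H = "May 15 07:10:00 remote sshd[4242]: "
SAMPLE_LOG = (
    [H + f"Failed password for bob from 203.0.113.7 port {51000 + i} ssh2"
     for i in range(9)]
    + [H + f"Failed password for invalid user admin from 198.51.100.20 port {40000 + i} ssh2"
       for i in range(3)]
    + [H + "Accepted password for bob from 192.0.2.50 port 50022 ssh2",
       H + "Failed password for invalid user x from 192.0.2.1 port 1 "
           "from 198.51.100.99 port 40100 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(ufw_block_rules(SAMPLE_LOG)))
```

Rules are returned as strings rather than executed, so they can be reviewed or logged before being run as root.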