Re: tracking failed connections like telnet



"C37" == Cyrille37 <cyrille37@xxxxxxxxx> writes:

C37> Hello, I would like to know why sshd does not manage multiple
C37> failed connections like telnet. telnet makes brute force difficult
C37> by adding time between bad password logins.

C37> Many people answer me that I have to use keys instead of
C37> passwords, but sshd permits password login, so we could use it.
C37> One of the problems of password login is that people can try
C37> brute force to try to discover the password.

C37> So if sshd permits password login, why does it not implement a
C37> simple protection like telnet does? The same people answer me
C37> that I can use a PAM module or some iptables rules. But it is
C37> just another layer to protect the server. I still think sshd
C37> should itself implement a simple protection for password login.

C37> What do you think? Should it be a future option? Have I missed
C37> some sshd option?

I think PAM is the right place to do this. That's the whole purpose of
PAM; rather than build every conceivable AAA method into every program,
factor it out.

--
Richard Silverman
res@xxxxxxxx
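
As an added illustration of the reply above (not part of the original thread, and not configuration from either poster): a Linux-PAM stack for sshd that delays after each failed password and temporarily locks an account after repeated failures. It assumes Linux-PAM with the pam_faildelay and pam_faillock modules installed and the usual file locations; the thresholds are example values.

```conf
# --- /etc/ssh/sshd_config (assumed path) ---
# Hand password checks to PAM so the stack below applies.
UsePAM yes
PasswordAuthentication yes
# Limit guesses per connection; further tries need a new connection.
MaxAuthTries 3
# Drop connections that have not authenticated within 30 seconds.
LoginGraceTime 30

# --- /etc/pam.d/sshd (assumed path; auth and account sections only) ---
# Request a delay of roughly 3 seconds after a failed attempt
# (the value is in microseconds).
auth     optional       pam_faildelay.so delay=3000000
# Refuse early if the account is already locked: 5 failures within
# 15 minutes lock it for 10 minutes (example values).
auth     required       pam_faillock.so preauth silent deny=5 unlock_time=600 fail_interval=900
# The actual password check.
auth     sufficient     pam_unix.so
# Record the failure and stop; reached only when pam_unix did not succeed.
auth     [default=die]  pam_faillock.so authfail deny=5 unlock_time=600 fail_interval=900
# Reset the failure counter once a login succeeds.
account  required       pam_faillock.so
account  required       pam_unix.so
```

Account lockout also lets a remote guesser lock a legitimate user out for the unlock period, so keep `unlock_time` short and watch the lock events in the logs.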
