08-04-2004
HOUSCOUS,
Good question. I typically use VPN and don't allow outside ssh to key systems. However, it would be a simple enough exercise to author a PAM module that kept count and updated /etc/hosts.deny based on failed attempts. I'll look at it further and see how simple it would be to do.
If you login from a perdictable number of networks, you could just use a deny all rule and then allow specific networks. You'll need to have ssh compiled to support TCP_WRAPPERS.
Cheers,
Keith
10 More Discussions You Might Find Interesting
1. AIX
Hi! I'm currently using AIX 4.3 and would like to know where can i find to see that there's a restriction on the number of login times a user can have. Example, I want to see whether user A has only 1 login while user B can have 2 logins (without logging off the first one).
Would I be able to... (7 Replies)
Discussion started by: ftengcheng
7 Replies
2. Shell Programming and Scripting
I am new to shellscript . PLease help me how can I write the following script.
$ who
ray pts/0 aug 31 01:18 ( 65.169.28.200 )
ray pts/1 sep 2 02:28 ( 65.169.28.200 )
bob pts/3 sep 2 02:31 ( 65.169.28.201 )
when run the command who |./ script , the script should... (3 Replies)
Discussion started by: LAY
3 Replies
3. BSD
Hello,
I have a small inquiry.
Sometimes, my good friend, Charlie Root, sends me security notifications that a possible breakin attempt has occured. It looks like this:
Oct 29 06:58:17 cigva sshd: reverse mapping checking getaddrinfo for 180.144.164.220.broad.sm.yn.dynamic.163data.com.cn ... (2 Replies)
Discussion started by: brightstorm
2 Replies
4. HP-UX
where I can set login fail ,lock time
thanks (2 Replies)
Discussion started by: alert0919
2 Replies
5. HP-UX
Hi,
I am a hobbyist with a very old machine I have been trying to get up and running. I have an HP 9000/C240 with 1G of RAM and 3-8.5G HD. It is configured with 1G SWAP/DUMP. Currently only one drive is in use via LVM. I have not gotten around to creating more volumes just yet.
It is running... (11 Replies)
Discussion started by: Dirk_
11 Replies
6. UNIX and Linux Applications
Is this possible to block particular user's email-client configuration on basis of pop/imap
settings in linux ,dovecot.conf or anywhere ?As you know when acl is defined in /etc/squid/squid.conf file according to its http_access users are able to access internet.
Before (1 Reply)
Discussion started by: sandeepvson
1 Replies
7. HP-UX
hi, i want to ask about why after im log in from CDE, it appears a pop up stated that i must go to Failsafe Session from the login screen's option menu and log in..... can anyone help??:) (2 Replies)
Discussion started by: ameer88
2 Replies
8. Red Hat
Hi all,
I got error, when i logged with webmin. please show me the way how can i login with webmin (4 Replies)
Discussion started by: mastansaheb
4 Replies
9. Solaris
Hi, I need some help regarding login issue. I have to use 8 server. The username is same at all. But when i was trying to access for particular 4 server. I got access denied error. Please help ....
Note: If i change my password by using root user. then I can able to enter into the same server.... (6 Replies)
Discussion started by: Mani_apr08
6 Replies
10. Programming
Hello,
i'm trying to implement the times() function and i'm programming in C.
I'm using the "struct tms" structure which consists of the fields:
The tms_utime structure member is the CPU time charged for the execution of user instructions of the calling process.
The tms_stime structure... (1 Reply)
Discussion started by: g_p
1 Replies
LEARN ABOUT SUSE
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authen-
tication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, read-
able only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-
based authentication is used.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
May 31, 2007 BSD