[Freedombox-discuss] Block brute force login attacks?
Petter Reinholdtsen
pere at hungry.com
Tue Mar 18 12:45:46 UTC 2014
Hi.
On all my machines, I install denyhosts with a two hour timeout
(DAEMON_PURGE = 2h), to block those trying to brute force a ssh login.
Should we do something similar on the Freedombox?
In addition to denyhosts (which only handle ssh), there are other
relevant packages in Debian:
libpam-shield - locks out remote attackers trying password guessing
libpam-abl - blocks hosts which are attempting a brute force attack
Anyone I missed? Should we set up one of these on the Freedombox?
Only denyhosts and libpam-shield seem to configure itself out of the
box.
The default for denyhosts is to block forever, while my experience is
that this can cause denial of service if I type the wrong ssh key
password three times or cancel a commit over ssh, so in my view it si
too agressive, and a sensible timeout is needed. Most attackers give
up after few minutes after they are blocked. I do not know the two pam
modules, so I do not know if they have a timeout by default.
--
Happy hacking
Petter Reinholdtsen
More information about the Freedombox-discuss
mailing list