[Freedombox-discuss] Block brute force login attacks?

Petter Reinholdtsen pere at hungry.com
Tue Mar 18 12:45:46 UTC 2014


On all my machines, I install denyhosts with a two hour timeout
(DAEMON_PURGE = 2h), to block those trying to brute force a ssh login.
Should we do something similar on the Freedombox?

In addition to denyhosts (which only handle ssh), there are other
relevant packages in Debian:

  libpam-shield - locks out remote attackers trying password guessing
  libpam-abl - blocks hosts which are attempting a brute force attack

Anyone I missed?  Should we set up one of these on the Freedombox?
Only denyhosts and libpam-shield seem to configure itself out of the

The default for denyhosts is to block forever, while my experience is
that this can cause denial of service if I type the wrong ssh key
password three times or cancel a commit over ssh, so in my view it si
too agressive, and a sensible timeout is needed.  Most attackers give
up after few minutes after they are blocked. I do not know the two pam
modules, so I do not know if they have a timeout by default.

Happy hacking
Petter Reinholdtsen

More information about the Freedombox-discuss mailing list