centos6-64:non-existing users over ssh refused without wait?bug or config?

General support questions

centos6-64:non-existing users over ssh refused without wait?bug or config?

Postby paja_slovany » 2012/08/17 10:50:05

hello,
i have some security problems,installed centos 6.3,yum update,change maxauthtries to 1 in sshd_config(going to use pam_abl,not in use yet),with wrong password root waits before disconnect,unknown user(any other) just quick disconnect,that opens security hole to name guessing
if i set maxauthtries to 2,non-existing user gets 1 try and root gets 2(as if those numbers were set for maxauthtries)
so..what now?
paja
paja_slovany
 
Posts: 1
Joined: 2012/08/17 10:39:52

centos6-64:non-existing users over ssh refused without wait?

Postby KermitDaFragger » 2012/08/18 09:20:36

This is probably a PAM configuration issue, not an SSH configuration issue (unless you have configured SSH not to use PAM).

However instead of fixing your PAM setup if you want real security you are beter off not using passwords. Use public/private keys. See our wiki on how to set this up.
KermitDaFragger
 
Posts: 195
Joined: 2009/09/11 19:23:05
Location: the Netherlands


Return to CentOS 6 - General Support

Who is online

Users browsing this forum: Exabot [Bot] and 11 guests