| 1 |
On Fri, 16 Jan 2009 21:28:07 -0800 |
| 2 |
Grant <emailgrant@×××××.com> wrote: |
| 3 |
|
| 4 |
> Should I do that via an ssh config setting, in shorewall, or somewhere else? |
| 5 |
|
| 6 |
I believe the right way would be to add 'account required |
| 7 |
pam_access.so' line to /etc/pam.d/system-auth and define login |
| 8 |
restrictions in /etc/securety/access.conf (it's also quite well |
| 9 |
documented). |
| 10 |
|
| 11 |
That way you'll block ssh/ftp/mail etc logins for that account, which |
| 12 |
should also be prone to brutforce attacks because of weak password. |
| 13 |
|
| 14 |
The catch is, of course, that you should have pam on your system ;) |
| 15 |
|
| 16 |
-- |
| 17 |
Mike Kazantsev // fraggod.net |
Archives