- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Sshd deamon tightening
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2008 10:53 AM
тАО12-10-2008 10:53 AM
Sshd deamon tightening
I need your help, we just installed the ssh deamon + upgrade of all of our telnet client for SSH support.
I've tighted the sshd_config a bit(No permit root login, set the MaxAuthTries to 4 and LoginGraceTime to 1m.
But still, I don't have the nicest thing that the telnet deamon did for us, locking the account after x tries.
Is this doable?
Thanks for your help!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2008 11:03 AM
тАО12-10-2008 11:03 AM
Re: Sshd deamon tightening
Chk if this helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2008 11:25 AM
тАО12-10-2008 11:25 AM
Re: Sshd deamon tightening
Take a look at the sshd_config file. There are wonderful options in there.
You can for example prevent root login without key exchange. At my prior employer we did that before exposing an sftp server tot he public Internet.
There is a lot of customization that can be done there.
For all the nice things that you could do with telnet, telnet is a daemon with unencrypted authentication. Any value you get from options is lost by transmitting passwords across the network in clear text.
It is possible for you to run a script against lastb output and disable accounts via that method. Its highly effective.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2008 12:41 PM
тАО12-10-2008 12:41 PM
Re: Sshd deamon tightening
The current versions available for free from software.hp.com certainly can lock the account after too many invalid password attempts. But if you have dredged up an ancient version from somewhere, or have compiled your own version from the OpenSSH source code, it might not interface properly with the PAM libraries of HP-UX.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-11-2008 05:50 AM
тАО12-11-2008 05:50 AM
Re: Sshd deamon tightening
SSH-2.0-OpenSSH_5.1. I downloaded it from
http://hpux.cs.utah.edu/ pre compiled.
In my sshd_config file, I got
UsePAM no
Could it be only it? Would I have to make other changes to make it work?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-11-2008 06:23 AM
тАО12-11-2008 06:23 AM
Re: Sshd deamon tightening
and you'll have the advantage of it being officially supported.