cancel
Showing results for 
Search instead for 
Did you mean: 

Sshd deamon tightening

Sshd deamon tightening

Hey admins! :D

I need your help, we just installed the ssh deamon + upgrade of all of our telnet client for SSH support.

I've tighted the sshd_config a bit(No permit root login, set the MaxAuthTries to 4 and LoginGraceTime to 1m.

But still, I don't have the nicest thing that the telnet deamon did for us, locking the account after x tries.

Is this doable?

Thanks for your help!!

5 REPLIES
Avinash20
Honored Contributor

Re: Sshd deamon tightening

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1267714

Chk if this helps
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Steven E. Protter
Exalted Contributor

Re: Sshd deamon tightening

Shalom,

Take a look at the sshd_config file. There are wonderful options in there.

You can for example prevent root login without key exchange. At my prior employer we did that before exposing an sftp server tot he public Internet.

There is a lot of customization that can be done there.

For all the nice things that you could do with telnet, telnet is a daemon with unencrypted authentication. Any value you get from options is lost by transmitting passwords across the network in clear text.

It is possible for you to run a script against lastb output and disable accounts via that method. Its highly effective.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matti_Kurkela
Honored Contributor

Re: Sshd deamon tightening

Which version of ssh are you using?

The current versions available for free from software.hp.com certainly can lock the account after too many invalid password attempts. But if you have dredged up an ancient version from somewhere, or have compiled your own version from the OpenSSH source code, it might not interface properly with the PAM libraries of HP-UX.

MK
MK

Re: Sshd deamon tightening

It's version.
SSH-2.0-OpenSSH_5.1. I downloaded it from
http://hpux.cs.utah.edu/ pre compiled.

In my sshd_config file, I got
UsePAM no

Could it be only it? Would I have to make other changes to make it work?

Thanks!
Olivier Masse
Honored Contributor

Re: Sshd deamon tightening

May I suggest you use HP-UX Secure Shell unless you really need to use the stock OpenSSH. HP keeps it reasonably current with OpenSSH, takes care of security patches,
and you'll have the advantage of it being officially supported.