SSH Deny for RSA Auth?
Posted: 25 Sep 2007, 02:07
Chirpy,
I'm not sure this has been discussed but here goes:
I've noticed that since we don't use SSH password auth we don't get Bruteforce IPs blocked for SSH. I suppose it makes sense if an RSA auth failure isn't classified as a loggin failure (I'm thinking out loud there as I'm not sure on the technical side myself yet).
Personally, I would rather see these IPs banned permanently than to get a free opportunity to hit the servers all day long. For the interim, we've lowered the login trigger for SSH and enabled SSH password auth.
So my question is can LFD track failed logins for RSA auth? Should this already be happening? Is it a bug?
I await your response.
I'm not sure this has been discussed but here goes:
I've noticed that since we don't use SSH password auth we don't get Bruteforce IPs blocked for SSH. I suppose it makes sense if an RSA auth failure isn't classified as a loggin failure (I'm thinking out loud there as I'm not sure on the technical side myself yet).
Personally, I would rather see these IPs banned permanently than to get a free opportunity to hit the servers all day long. For the interim, we've lowered the login trigger for SSH and enabled SSH password auth.
So my question is can LFD track failed logins for RSA auth? Should this already be happening? Is it a bug?
I await your response.