Re: Putty 0.45 vs. SSH Login

To: debian-security@lists.debian.org
Subject: Re: Putty 0.45 vs. SSH Login
From: Vincent Hanquez <tab@crans.org>
Date: Sun, 5 May 2002 19:50:56 +0200
Message-id: <[🔎] 20020505175055.GA6351@darwin.crans.org>
In-reply-to: <[🔎] 20020505172329.GA496@tve.dhs.org>
References: <[🔎] 20020505093336.A24873@delfar.ee> <[🔎] 20020505124956.GA1774@darwin.crans.org> <[🔎] 20020505150836.GA2757@tve.dhs.org> <[🔎] 20020505121549.B19227@khazad-dum> <[🔎] 20020505172329.GA496@tve.dhs.org>

On Sun, May 05, 2002 at 07:23:29PM +0200, Tim van Erven wrote:
> I don't know much about OpenSSH or PAM internals, but how about adding
> an option to PAM to make authentication always fail for root and move
> all this authentication stuff into PAM.

you could use pam to deny root access with the pam_listfile module

in /etc/pam.d/ssh add the line :
auth    required        pam_listfile.so item=user sense=deny file=/etc/sshuser onerr=succeed

and put the deny's user line by line
you'll have the 1~3 delay then and a authentification failure for root
without the 'PermitRootLogin no'

-- 
Tab


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Putty 0.45 vs. SSH Login
  - From: Rauno "Linnamäe" <raunzz@delfar.ee>
- Re: Putty 0.45 vs. SSH Login
  - From: Vincent Hanquez <tab@crans.org>
- Re: Putty 0.45 vs. SSH Login
  - From: Tim van Erven <tripudium@chello.nl>
- Re: Putty 0.45 vs. SSH Login
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Putty 0.45 vs. SSH Login
  - From: Tim van Erven <tripudium@chello.nl>

Prev by Date: Re: Putty 0.45 vs. SSH Login
Next by Date: DoS
Previous by thread: Re: Putty 0.45 vs. SSH Login
Next by thread: Re: Putty 0.45 vs. SSH Login
Index(es):
- Date
- Thread