Control over ssh logins
ssh is a protocol that lets users remotely access the command line of a Linux machine, so to reach the necessary level of security we must control how many times a user may fail to log in. For example, if a user fails to log in three times, that user should not be able to log in via ssh for 30 minutes. For this purpose we use a PAM module called pam_tally2.
This module has two components: the pam_tally2.so library, which PAM loads to count and enforce failed logins, and the pam_tally2 command, which displays a report of failed logins per user. Before setting up the module, we check the log file for user logins and the lines recording unsuccessful ssh logins.
Suppose a user on 192.168.214.130 connects with their own account and username to a Linux machine at 192.168.214.135. If the password is entered incorrectly, the failure is recorded in the /var/log/secure file. To enforce this control on the number of failed attempts, the following two files must be edited
vi /etc/pam.d/system-auth
vi /etc/pam.d/password-auth
Enter the following line in both files at the beginning of the auth section
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1000
file: The path of the file in which the failure tally is recorded
deny: The number of failed attempts after which the account is locked
even_deny_root: Specifies that the root account is also locked after repeated failed logins (by default root is exempt)
unlock_time: The time in seconds after which a locked account is unlocked automatically
With the line above, after three failed logins the account is locked for 1000 seconds, or 30 minutes
Also enter the following line in the account section of both files
account required pam_tally2.so
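As an added example (not part of the original article), the following script audits the two lines above as they would appear in /etc/pam.d/system-auth or /etc/pam.d/password-auth. It checks that the auth and account entries are both present, that deny and even_deny_root are set, and converts unlock_time to minutes so the configured lockout can be compared with the intended one (note that 1000 seconds is about 16.7 minutes; a 30-minute lockout corresponds to unlock_time=1800). The PAM file content is a constructed sample.

```python
"""Audit a pam_tally2 lockout policy (added example, not from the article).

PAM_FILE is a constructed sample of the relevant lines from
/etc/pam.d/system-auth (or password-auth) after the article's edits.
"""

PAM_FILE = """\
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1000
auth sufficient pam_unix.so nullok try_first_pass
account required pam_tally2.so
account required pam_unix.so
"""


def parse_tally2(pam_text):
    """Return (options of the pam_tally2.so auth line or None, account line present?)."""
    opts, have_account = None, False
    for line in pam_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] != "pam_tally2.so":
            continue
        if fields[0] == "auth":
            opts = {}
            for tok in fields[3:]:
                key, _, val = tok.partition("=")
                opts[key] = val if val else True   # flag options map to True
        elif fields[0] == "account":
            have_account = True
    return opts, have_account


def audit(pam_text, want_deny=3, want_unlock_minutes=30):
    """Compare the configured policy with the intended one; return a list of findings."""
    opts, have_account = parse_tally2(pam_text)
    if opts is None:
        return ["no pam_tally2.so auth line: failed logins are not counted"]
    findings = []
    if not have_account:
        findings.append("missing 'account required pam_tally2.so': tally is not reset on a successful login")
    deny = int(opts.get("deny", 0))
    if deny != want_deny:
        findings.append(f"deny={deny}, expected {want_deny}")
    unlock = int(opts.get("unlock_time", 0))
    if unlock == 0:
        findings.append("no unlock_time: lockout persists until an admin runs pam_tally2 --reset")
    elif unlock != want_unlock_minutes * 60:
        findings.append(f"unlock_time={unlock}s is {unlock / 60:.1f} min, "
                        f"expected {want_unlock_minutes} min ({want_unlock_minutes * 60}s)")
    if "even_deny_root" not in opts:
        findings.append("even_deny_root absent: root is exempt from the lockout")
    return findings
```

Running audit(PAM_FILE) reports only the unlock_time mismatch for the sample above; dropping even_deny_root or the account line adds the corresponding finding.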
The pam_tally2 command lists the users who have failed to log in to the machine, along with the number of failed logins, the time of the latest failure and the source host
pam_tally2 -u username
Use the --reset switch of pam_tally2 to clear the user's counter and remove the user from the locked state