Finally I found the proper PAM-Module: it's pam_tally. It seems to be in every PAM distribution, but it is not documented (is that a bug that should be filed to the maintainers?). Setting it all up with PAM was pretty easy auth required /lib/security/pam_tally.so no_magic_root account required /lib/security/pam_tally.so deny=10 no_magic_root I know that I am now suspect to a DOS-attack, probably I will set up a cron-task that resets the counter ervery n hours, at lease for my account :) using faillog. Alex. Andreas Siegert To: suse-security@suse.com Subject: Re: [suse-security] OpenSSH: Disable account after n failed logins 16.02.01 18:42 Quoting Kurt Seifried (listuser@seifried.org) on Thu, Feb 15, 2001 at 06:26:52PM +0100:

...

Hi,

two questions to secure my linux system:

1. Is there a switch where I can disable an account after n failed login attempts?

That's a really good way to get yourself denial of serviced......

Hmmm, there are systems that have an automatic reenable mechanism with a delay.... Anyone got a pam module for this? afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you! --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com