sshd: MaxAuthTries игнорируется, если он больше 3
Я использую CentOS v7, и я пытался установить MaxAuthTries 6 , хотя это, похоже, не работает. Я использую PAM, поэтому установлено свойство UsePAM yes . Я не уверен, что это ошибка или что-то еще, блокирующее аутентификацию пытается больше трех.
В журналах Я получаю следующие результаты
[root@webserver ~]# sshd -T | grep -i 'pam\|authtries\|gracetime'
usepam yes
logingracetime 600
maxauthtries 6
[root@webserver ~]# tail -f /var/log/secure
Mar 26 12:04:41 webserver systemd: Stopping OpenSSH server daemon...
Mar 26 12:04:41 webserver systemd: Starting OpenSSH server daemon...
Mar 26 12:04:41 webserver systemd: PID file /var/run/sshd.pid not readable (yet?) after start.
Mar 26 12:04:41 webserver sshd[2308]: Server listening on 0.0.0.0 port 22.
Mar 26 12:04:41 webserver sshd[2308]: Server listening on 0.0.0.0 port 22.
Mar 26 12:04:41 webserver sshd[2308]: Server listening on :: port 22.
Mar 26 12:04:41 webserver sshd[2308]: Server listening on :: port 22.
Mar 26 12:04:41 webserver polkitd[687]: Unregistered Authentication Agent for unix-process:2301:105272 (system bus name :1.23, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 26 12:04:41 webserver polkitd[687]: Unregistered Authentication Agent for unix-process:2301:105272 (system bus name :1.23, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 26 12:04:41 webserver systemd: Started OpenSSH server daemon.
Mar 26 12:05:16 webserver unix_chkpwd[2318]: password check failed for user (test)
Mar 26 12:05:16 webserver unix_chkpwd[2318]: password check failed for user (test)
Mar 26 12:05:16 webserver sshd[2316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gateway user=test
Mar 26 12:05:16 webserver sshd[2316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gateway user=test
Mar 26 12:05:18 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:18 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:20 webserver unix_chkpwd[2319]: password check failed for user (test)
Mar 26 12:05:20 webserver unix_chkpwd[2319]: password check failed for user (test)
Mar 26 12:05:22 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:22 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:25 webserver unix_chkpwd[2320]: password check failed for user (test)
Mar 26 12:05:25 webserver unix_chkpwd[2320]: password check failed for user (test)
Mar 26 12:05:27 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:27 webserver sshd[2316]: Failed password for test from 192.168.124.1 port 48936 ssh2
Mar 26 12:05:27 webserver sshd[2316]: Connection closed by 192.168.124.1 [preauth]
Mar 26 12:05:27 webserver sshd[2316]: Connection closed by 192.168.124.1 [preauth]
Mar 26 12:05:27 webserver sshd[2316]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=gateway user=test
Mar 26 12:05:27 webserver sshd[2316]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=gateway user=test
2
задан kasperd
27 March 2017 в 00:41
Ссылка
1 ответ
Есть опция на стороне клиента(ssh_config), NumberOfPasswordPrompts, которая по умолчанию настроена на 3. Поэтому я не смог выйти за рамки 3-х попыток.
NumberOfPasswordPrompts
Specifies the number of password prompts before giving up. The argument to this keyword must be an integer. The default is 3.
3