Two part SSH authentication with key and remote unix password

komputes komputes at gmail.com
Fri May 15 06:53:38 UTC 2009


I would like to edit the PAM authentication procedure for SSH so that a
key is needed to connect, but then the remote UNIX password is requested
before sending a command prompt.

Another nice-to-have is if the password authentication fails 9 times (3
connection attempts), the IP is logged and blocked, using ufw syntax
(preferred over iptables).

In my head it looks a little something like this:

ssh bob@remote.server
                |
                |
         Public Key?--[no]--> Fail - disconnect and log attempt
                |
             [yes]
                |
       UNIX Password?--[no]--> Fail*3=disconnect and log attempt. Fail*9=block IP.
                |
             [yes]
                |
     Great Success -> bob@remote:~$

If anyone has the smarts to guide me through this I'd appreciate the help.

-komputes
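
One way to implement the logging-and-blocking half of the flow above, as an added example that is not part of the original post. It assumes sshd runs with `AuthenticationMethods publickey,password` (OpenSSH 6.2 or later), so only key holders reach the password prompt, and that failures are logged in the standard `Failed password for ... from IP port N ssh2` form; the function names, the threshold constant and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

BLOCK_AFTER = 9  # 3 connections x 3 password tries, as in the post

# Greedy user match plus the end anchor pick the LAST "from IP port N", so a
# user name containing " from 10.0.0.1 port 1" cannot redirect the block.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.+ from (\S+) port \d+ ssh2$")

# Constructed sample lines in auth.log style (documentation address ranges).
SAMPLE_LOG = "\n".join(
    [f"May 15 06:40:{i:02d} remote sshd[41{i:02d}]: Failed password for bob "
     f"from 203.0.113.7 port {50000 + i} ssh2" for i in range(9)]
    + ["May 15 06:41:00 remote sshd[4200]: Failed password for invalid user admin "
       "from 198.51.100.9 port 40022 ssh2",
       "May 15 06:41:05 remote sshd[4201]: Accepted password for bob "
       "from 198.51.100.9 port 40023 ssh2"])


def offenders(log_text, threshold=BLOCK_AFTER):
    """Return IPv4 sources with at least `threshold` failed password attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            # Accept only a real address literal; log content is attacker-influenced.
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if addr.version == 4:  # this sketch handles IPv4 only
            counts[str(addr)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def ufw_rules(ips, port=22):
    """Build ufw argv lists; 'insert 1' puts the deny ahead of any allow rule."""
    return [["ufw", "insert", "1", "deny", "from", ip,
             "to", "any", "port", str(port), "proto", "tcp"] for ip in ips]


if __name__ == "__main__":
    for argv in ufw_rules(offenders(SAMPLE_LOG)):
        print(" ".join(argv))  # review the rule, then run it as root
```

The rules are returned as argument lists rather than executed, so they can be reviewed or passed to `subprocess.run` without going through a shell.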
