On Sat 28 Dec 2024 at 21:43:06 +0000, John Klos wrote: > Hi, > > > In pkgsrc there is security/pam-af which keeps the same sort of > > information as blacklistd, but using PAM instead of being generic. > > It is configured using the pam_af_tool which stored the config in the > > same database. > > Wouldn't this reject connections at the same place as connections that are > rejected because of the lack of password authentication? Close, I suppose, but a bit earlier. I don't have a configuration example at hand (the manual doesn't seem to have one) but I think you'd configure it in /etc/pam.d/sshd as the first or one of the first lines and I expect that PAM is checked before sshd tries most other things. > John -Olaf. -- ___ Olaf 'Rhialto' Seibert <rhialto/at/falu.nl> \X/ There is no AI. There is just someone else's work. --I. Rose
Attachment:
signature.asc
Description: PGP signature