Solaris 9, ssh and openssh

jabentay · June 8, 2009, 8:42pm

I set the RETRIES and DISABLETIME in /etc/default/login on 2 systems:

1 Solaris 9 system running Sun SSH
1 Solaris 9 system running Openssh 5.2 P1

I expected that after n failed logins, the login process will hang for n seconds.
It does when the attempted login is done at the console but when logging in via ssh or openssh, the /etc/default/login does not even get read.
I have the output from truss in both cases to prove that.

What I tried, based on suggestion from different forums, was:

set UsePAM yes and ChallengeResponseAuthentication=no same result
set UseLogin yes same result.

How can I get ssh or openssh to read values in /etc/defalt/login?

Thanks you!

System_Shock · June 9, 2009, 10:47am

You can't. You need to configure sshd_config. Also, ssh doesn't make the connection "hang", it just terminates the connection once you reach the max number of tries.

jabentay · June 9, 2009, 11:52am

Which parameter in sshd_config can I change to get it to read /etc/default/login?

seg · June 9, 2009, 1:01pm

The contents of sshd_config (and abilities of the sshd daemon) change by release and vendor so you should consult the man page for sshd_config to find the value(s) that you need.

jabentay · June 9, 2009, 1:06pm

forcing ssh to read /etc/default/login is possible isn't?

System_Shock · June 9, 2009, 2:05pm

No, is not. You configure ssh through sshd_config.

jabentay · June 9, 2009, 2:16pm

Is it possible to get either Sun SSH or openssh to allow x retries and suspend login for n seconds?

System_Shock · June 9, 2009, 2:57pm

Again, ssh doesn't suspend login, it drops the connection after x failed tries. X tries can be set in sshd_config

jabentay · June 9, 2009, 4:34pm

Thanks!