I'm looking for advice on the best way to tackle a problem I'm encountering. I
have a box which uses IPA/AD for authentication. SSH is running and open and all users
should be able to log in. The box sees quite a bit of malicious access attempts - each of
these attempts is having its (false) credentials sent to AD for verification. This has
resulted in some AD service accounts being locked out due to too many failed login
attempts. How can I configure this box so that no lookups are performed on AD for a list
of accounts that I specify?
Show replies by date
I was able to accomplish this using the filter_users option in /etc/sssd/sssd.conf.
Thanks!