pam_abl provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts
Created attachment 229555 [details, diff]
added abl use flag at the openssh ebuild
Erm, so the only thing you're changing is setting a USE flag to automatically depend on another package? Isn't it sufficient to just emerge the package itself instead of requiring other packages to pull it in, or does the openssh ebuild then configure and compile in support for pam_abl? In the latter case, the econf call should be changed accordingly and your diff (which should preferably be a unified diff, by the way) would be only half the work.
the only required step is to add the following line to /etc/pam.d/system-auth
auth required /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
no other steps are required
No you definitely *don't* want to add this to OpenSSH. I'll take it as a pambase feaure request but very _very_ low on priority for now if you don't mind.
FTR, I'm having this setup on my router:
system-remote-login:auth required pam_abl.so config=/etc/security/pam_abl.conf
I'm integrating this already in the new m4 branch of pambase.
Hmmm, rather not.