[NBLUG/talk] opensshd delay after fail

Christopher Wagner chrisw at pacaids.com
Mon Oct 17 09:32:07 PDT 2005


I don't have your answer but I was curious...
-----
$ ssh -l root ssh.example.com
Password: <garbage>
<delay 2-3 secs>
Password: <garbage>
<delay 2-3 secs>
Password: <garbage>
<delay 2-3 secs>
root@ssh.example.com's password:
<no delay>
Permission denied, please try again.
root@ssh.example.com's password:
<no delay>
Permission denied, please try again.
root@ssh.example.com's password:
<no delay>
Permission denied, please try again.
$
-----

I'm rather puzzled by this behavior.  (It asks six times, with the first
three being a different password prompt, with the delay).  Any ideas?

I'm running Debian Etch, all stock packages.

- Chris

Bob Blick wrote:

>Everybody who reads their logs sees brute force ssh login attempts, once
>per second or more frequently.
>
>For highest security, having no users and disabling interactive ssh is the
>way to go, but this is impractical.
>
>Some people have routed sshd through the pam modules to add a delay, but
>pam doesn't behave the way one would like for ssh.
>
>Has anyone found a solution that adds a delay to sshd for failed login
>attempts? A patch to opensshd or an alternative to opensshd?
>
>Thanks,
>
>Bob