[NBLUG/talk] opensshd delay after fail

Augie Schwer augie.schwer at gmail.com
Tue Oct 18 22:47:07 PDT 2005


On 10/17/05, Bob Blick <bblick at sonic.net> wrote:
> Everybody who reads their logs sees brute force ssh login attempts, once
> per second or more frequently.
> For highest security, having no users and disabling interactive ssh is the
> way to go, but this is impractical.
> Some people have routed sshd through the pam modules to add a delay, but
> pam doesn't behave the way one would like for ssh.
> Has anyone found a solution that adds a delay to sshd for failed login
> attempts? A patch to opensshd or an alternative to opensshd?

What about some dynamic iptables rules using the TARPIT target?

Watch the logs for failed login attempts, or logins that don't exist
on your system, and then tarpit 'em.

Augie.


--
Registered Linux user #229905
GPG Public Key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
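The approach Augie sketches above, as a worked example added here (not code from the original post): a log watcher that counts sshd authentication failures per source address and, once an address crosses a threshold, emits the matching iptables rule. The log lines are constructed samples in the format OpenSSH writes to auth.log; the threshold, the chain name and the allowlist are assumptions chosen for illustration. The TARPIT target is not part of stock netfilter, it comes from xtables-addons, so a host without it can substitute `-j DROP`. The script prints the rules by default and only runs iptables when `dry_run=False`.

```python
import re
import subprocess
from collections import Counter

# Constructed sample log lines in the format OpenSSH writes to auth.log.
SAMPLE_LOG = """\
Oct 18 22:40:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 4321 ssh2
Oct 18 22:40:02 host sshd[1235]: Invalid user admin from 203.0.113.5
Oct 18 22:40:02 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 4322 ssh2
Oct 18 22:40:03 host sshd[1236]: Invalid user oracle from 198.51.100.7
Oct 18 22:40:05 host sshd[1237]: Accepted publickey for alice from 192.0.2.10 port 5555 ssh2
Oct 18 22:40:06 host sshd[1238]: Failed password for alice from 192.0.2.10 port 5556 ssh2
"""

# A failed password for a real or invalid user, and a login for a
# user that does not exist on the system.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")
INVALID_RE = re.compile(
    r"sshd\[\d+\]: Invalid user \S+ from (\d+\.\d+\.\d+\.\d+)")


def count_failures(log_text):
    """Return a Counter of failure events keyed by source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        for pattern in (FAILED_RE, INVALID_RE):
            match = pattern.search(line)
            if match:
                counts[match.group(1)] += 1
                break  # one event per line
    return counts


def offenders(counts, threshold, allow=frozenset()):
    """Addresses at or above the threshold, minus an allowlist (assumed:
    your own management hosts) so a typo never locks you out."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allow)


def tarpit_rules(ips, chain="INPUT", port=22):
    """Build one iptables rule per address; chain and port are assumptions."""
    return [["iptables", "-I", chain, "-p", "tcp", "--dport", str(port),
             "-s", ip, "-j", "TARPIT"] for ip in ips]


def apply_rules(rules, dry_run=True):
    """Print the rules, or run them when dry_run is False (needs root)."""
    for rule in rules:
        if dry_run:
            print(" ".join(rule))
        else:
            subprocess.run(rule, check=True)


if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    apply_rules(tarpit_rules(offenders(failures, threshold=3)))
```

With the sample above only 203.0.113.5 reaches three failures; alice's single mistyped password from 192.0.2.10 stays well under the threshold. In real use the rule set also needs an expiry (a cron job that flushes the chain, or a dedicated chain that is recreated periodically), otherwise the tarpit list only ever grows.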


