[SSHd] Increasing wait time?

Norbert Papke fbsd-ml at scrapper.ca
Thu May 8 02:35:50 UTC 2008


On May 7, 2008, Mel wrote:
> On Wednesday 07 May 2008 06:16:19 Norbert Papke wrote:
> > On May 6, 2008, Gilles wrote:
> > > Is there a way to configure SSHd, so that the wait time between login
> > > attempts increases after X failed tries?
> >
> > I run sshd via inetd rather than as a stand-alone daemon.  inetd provides
> > optional rate limiting functionality.  For instance, putting
> >
> >    ssh stream  tcp  nowait/20/4/10  root  /usr/sbin/sshd  sshd -i
> >
> > into /etc/inetd.conf sets a limit of
> >
> > * 20 overall ssh connections
> > * 4 connection attempts per minute
> > * at most 10 connections from a single IP
> >
> > This works very well on a personal server, not sure how it scales up.
>
> So if I copy over some files via scp, I can lock myself out. Fun stuff ;)

Absolutely.  But the same can happen with any rate limiting solution.

However, in practice this has never been an issue for me.  First, I tend to 
copy large sets of files using a single connection.  Either 'scp -r' or by 
running tar/rsync through an ssh tunnel.  Second, this kind of limit is 
enough to discourage script kiddies, but caps my downside risk to an 
acceptable (to me) one minute lock out.

Anyway, it works for me.

Cheers,

-- Norbert.
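As an added illustration of the inetd.conf rate-limiting field discussed above (this script is not part of the original mail or of FreeBSD itself), the POSIX shell snippet below parses the wait/nowait column of a few constructed inetd.conf lines and reports which of the optional limits each service carries. The field layout follows FreeBSD's inetd(8) manual: wait|nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]. The sample configuration is constructed for the example; only the ssh line is taken from the thread, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: inspect the rate-limiting knobs encoded in inetd.conf lines.
# Field names follow FreeBSD inetd(8):
#   wait|nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]

# Constructed sample inetd.conf content. The ssh line is the one from the thread;
# the ftp and telnet lines are made up to show services with fewer limits set.
SAMPLE_INETD_CONF='# constructed sample, not a real /etc/inetd.conf
ssh     stream  tcp  nowait/20/4/10  root  /usr/sbin/sshd       sshd -i
ftp     stream  tcp  nowait          root  /usr/libexec/ftpd    ftpd -l
telnet  stream  tcp  nowait/30       root  /usr/libexec/telnetd telnetd'

# inetd_limits <service> : print "max_child per_ip_per_minute max_child_per_ip"
# for the named service, using "-" for any limit the line leaves at inetd's default.
# Fails (returns 1) when the service is not present in the sample.
inetd_limits() {
    svc=$1
    # Column 4 of an inetd.conf line is the wait/nowait field; skip comment lines.
    field=$(printf '%s\n' "$SAMPLE_INETD_CONF" |
        awk -v s="$svc" '/^#/ { next } $1 == s { print $4; exit }')
    [ -n "$field" ] || return 1
    # Split on "/"; fields that are absent simply stay empty.
    IFS=/ read -r mode max_child per_min per_ip <<EOF
$field
EOF
    printf '%s %s %s\n' "${max_child:--}" "${per_min:--}" "${per_ip:--}"
}

# inetd_rate_limited <service> : succeed only when the service has a
# per-IP-per-minute connection limit, the knob that throttles repeated
# connection attempts from one source.
inetd_rate_limited() {
    limits=$(inetd_limits "$1") || return 1
    set -- $limits
    [ "$2" != "-" ]
}

# Stand-alone usage: summarise every service in the sample.
for svc in ssh ftp telnet; do
    printf '%-7s max-child=%s per-ip-per-minute=%s max-child-per-ip=%s\n' \
        "$svc" $(inetd_limits "$svc")
done
```

Run against a real system, the awk pipeline would read /etc/inetd.conf instead of the embedded sample; everything else stays the same. The per-IP-per-minute column is the one that matters for the original question, since max-child only bounds concurrency, not how often a single host may retry.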