SSH login takes very long time...sometimes

[Marian Hettwer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hej there,

Atanas wrote:
> Dag-Erling Smørgrav said the following on 02/15/06 23:35:
> 
>> David Malone <dwmalone at maths.tcd.ie> writes:

> Last year I already had to decrease the LoginGraceTime from 120 to 30
> seconds on my production boxes, but it didn't help much, so on top of
> that I got to implement (reinvent the wheel again) a script tailing the
> auth.log and firewalling bad gyus in order to secure sshd and let my
> legitimate users in.
> 
You could get rid of parsing auth.log and everything and just use pf(4)
instead.

Look at that:
# sshspammer table
table <sshspammer> persist
block log quick from <sshspammer>

# sshspammer
# more than 6 ssh attempts in 15 seconds will be blocked ;)
pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags
(max-src-con
n 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)


> I really miss the inetd features. A setting like "nowait/100/20/5"
> (/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]])
> would effectively bounce the bad guys, but AFAIK (correct me if I'm
> wrong), ssh is no longer supposed to work via inetd and still has no
> such capabilities.
> 
I believe what you are searching for is indeed the pf(4) stuff mentioned
 above :)

> I'd be nice to have something like for instance the sendmail's client
> and rate connection limits, but I guess this is not the right place to ask.
> 
I believe it is. It's about FreeBSD and about Security ;-)

regards,
Marian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9YvKgAq87Uq5FMsRAik2AKDMXXj4K0Pb9i0Qc6Cqowtzp6dynwCeIOpn
gwk9aMT1skGMWis8tRL1Xtk=
=jV8k
-----END PGP SIGNATURE-----