[SSHd] Increasing wait time?
Beech Rintoul
beech at freebsd.org
Tue May 6 17:59:33 UTC 2008
On Tuesday 06 May 2008, David Kelly said:
> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
> > > Is there a way to configure SSHd, so that the wait time between
> > > login attempts increases after X failed tries?
> >
> > Not that I know of. You should look into denyhosts (in the ports)
> > it works well and even has a RBL feature to block some of these
> > script kiddies proactively. Unfortunately, these attempts have
> > become a fact of life. I probably get 20 - 30 attempts a day
> > between my various servers.
>
> Depending on how you use ssh from external systems you could add
> firewall rules to disallow all but known sources.
I was doing that in the past, but I found it to be inflexible and
sometimes a pain to deal with. I sometimes need to access a server
from a new location and that kind of hard lockdown just isn't
practical. The denyhosts solution works very well for me and the RBH
feature blocks 9 out of 10 attempts outright.
Beech
--
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech at FreeBSD.org
/"\ ASCII Ribbon Campaign | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail | http://www.freebsd.org
X - NO Word docs in e-mail | Latest Release:
/ \ - http://www.FreeBSD.org/releases/7.0R/announce.html
---------------------------------------------------------------------------------------
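
A minimal sketch of the log-driven blocking approach discussed in this thread, added as an example; it is not DenyHosts code and not part of the original message. The log lines are constructed, and the threshold, window, year and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
May  6 17:01:02 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
May  6 17:01:05 host sshd[812]: Failed password for root from 203.0.113.5 port 4102 ssh2
May  6 17:01:09 host sshd[813]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2
May  6 17:02:00 host sshd[820]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
May  6 17:03:00 host sshd[830]: Failed password for alice from 198.51.100.7 port 5100 ssh2
May  6 17:30:00 host sshd[835]: Failed password for alice from 198.51.100.7 port 5101 ssh2
May  6 17:31:00 host sshd[840]: Failed password for invalid user a from 198.51.100.9 from 203.0.113.77 port 4200 ssh2
"""

# The greedy ".*" plus the end anchor means only the final "from <ip> port N ssh2"
# is trusted, so a username that itself contains "from <ip>" cannot frame another host.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_deny(log_text, threshold=3, window=timedelta(minutes=10),
                  allow=frozenset(), year=2008):
    """Return source IPs with >= threshold failures inside a sliding window.

    Assumes lines are in chronological order; syslog omits the year, so one
    is supplied. IPs in `allow` (known-good sources) are never returned.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    denied = []                   # preserves the order in which hosts crossed the line
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in allow or m["ip"] in denied:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold:
            denied.append(m["ip"])
    return denied

def hosts_deny_entries(ips):
    """Format results as hosts.deny-style lines (format assumed: 'sshd: <ip>')."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

The sliding window keeps an occasional mistyped password from a legitimate user from accumulating into a block, and the `allow` set plays the role of the known-sources rule mentioned in the quoted reply.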