[SSHd] Increasing wait time?

Randy Ramsdell rramsdell at livedatagroup.com
Tue May 6 21:24:33 UTC 2008

Doug Hardie wrote:
> On May 6, 2008, at 10:57, Randy Ramsdell wrote:
>> David Kelly wrote:
>>> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
>>>>> Is there a way to configure SSHd, so that the wait time between
>>>>> login attempts increases after X failed tries?
>>>> Not that I know of. You should look into denyhosts (in the ports) it
>>>> works well and even has a RBL feature to block some of these script
>>>> kiddies proactively. Unfortunately, these attempts have become a fact
>>>> of life. I probably get 20 - 30 attempts a day between my various
>>>> servers.
>>> Depending on how you use ssh from external systems you could add
>>> firewall rules to disallow all but known sources.
>> I used portsentry several years ago which is a real-time port-scan
>> blocker. It would trigger on this type of ssh port scan for sure. One
>> problem is that it blocks using firewall rules, hosts.deny etc.
>> and would have to be actively maintained. Meaning: I cleaned these
>> entries once a week. I am not sure it is ported to BSD either.
> Another option is to change the port SSH uses to some very unusual 
> port.  I do this on all the systems I use and change the port settings 
> in ssh.conf and sshd.conf.  This approach works if you don't have lots 
> of users using SSH as it does require some sophistication to work with 
> it.  Since I have only 3 people who can use SSH it works great for me. 
Yeah, this also works well. I just shy away from security through
obscurity. However, I also moved ssh to port 40001 or so and monitored
SYN packets. I never logged an attempt to log in except auth'd users. It
was never port scanned for ssh specific either.
