[SSHd] Increasing wait time?
rramsdell at livedatagroup.com
Tue May 6 21:24:33 UTC 2008
Doug Hardie wrote:
> On May 6, 2008, at 10:57, Randy Ramsdell wrote:
>> David Kelly wrote:
>>> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
>>>>> Is there a way to configure SSHd, so that the wait time between
>>>>> login attempts increases after X failed tries?
>>>> Not that I know of. You should look into denyhosts (in the ports) it
>>>> works well and even has a RBL feature to block some of these script
>>>> kiddies proactively. Unfortunately, these attempts have become a fact
>>>> of life. I probably get 20 - 30 attempts a day between my various
>>> Depending on how you use ssh from external systems you could add
>>> firewall rules to disallow all but known sources.
>> I used portsentry several years ago which is a realtime portscan
>> blocker. It would trigger on this type of ssh portscan for sure. One
>> problem is that it blocks using firewall rules, hosts.deny etc...
>> and would have to be actively maintained. Meaning: I cleaned these
>> entries once a week. I am not sure it is ported to BSD either.
> Another option is to change the port SSH uses to some very unusual
> port. I do this on all the systems I use and change the port settings
> in ssh.conf and sshd.conf. This approach works if you don't have lots
> of users using SSH as it does require some sophistication to work with
> it. Since I have only 3 people who can use SSH it works great for me.
Yeah, this also works well. I just shy away from security through
obscurity. However, I also moved ssh to port 40001 or so and monitored
SYN packets. I never logged an attempt to log in except auth'd users. It
was never port scanned for ssh specifically either.
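A defender-side sketch of the escalating-delay idea the original question asks about, implemented over sshd log lines rather than inside sshd itself. This is an added example, not code from anyone in the thread; the log excerpt, the three-failure threshold and the doubling schedule are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the failure lines OpenSSH writes to auth.log. The format is the
# common OpenSSH one; the sample lines below are constructed for this example.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample excerpt: one noisy source and one legitimate user
# who mistyped a password once before a successful key login.
SAMPLE_LOG = """\
May  6 21:01:02 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51001 ssh2
May  6 21:01:03 host sshd[1203]: Failed password for invalid user oracle from 192.0.2.10 port 51002 ssh2
May  6 21:01:04 host sshd[1205]: Failed password for root from 192.0.2.10 port 51003 ssh2
May  6 21:01:05 host sshd[1207]: Failed password for invalid user test from 192.0.2.10 port 51004 ssh2
May  6 21:01:06 host sshd[1209]: Failed password for invalid user guest from 192.0.2.10 port 51005 ssh2
May  6 21:05:40 host sshd[1300]: Failed password for rramsdell from 198.51.100.7 port 40022 ssh2
May  6 21:05:47 host sshd[1300]: Accepted publickey for rramsdell from 198.51.100.7 port 40022 ssh2
"""


def count_failures(log_text):
    """Return {source_ip: number of failed password attempts}."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def block_duration(failures, threshold=3, base_seconds=60, cap_seconds=86400):
    """Seconds a source should stay blocked: 0 below the threshold, then
    doubling with every further failure, capped at one day (assumed policy)."""
    if failures < threshold:
        return 0
    return min(base_seconds * 2 ** (failures - threshold), cap_seconds)


def proposed_blocks(log_text, **policy):
    """Map each offending source to its escalating block duration in seconds."""
    result = {}
    for ip, n in count_failures(log_text).items():
        duration = block_duration(n, **policy)
        if duration:
            result[ip] = duration
    return result
```

The returned map is what a cron job would hand to a firewall table or hosts.deny; the single-failure legitimate user never reaches the threshold and is left alone.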