SSH login takes very long time...sometimes

Atanas atanas at asd.aplus.net
Fri Feb 17 11:10:42 PST 2006


Marian Hettwer said the following on 02/17/06 00:39:
> Atanas wrote:
>> Last year I already had to decrease the LoginGraceTime from 120 to 30
>> seconds on my production boxes, but it didn't help much, so on top of
>> that I got to implement (reinvent the wheel again) a script tailing the
>> auth.log and firewalling bad guys in order to secure sshd and let my
>> legitimate users in.
>>
> You could get rid of parsing auth.log and everything and just use pf(4)
> instead.
> 
> Look at that:
> # sshspammer table
> table <sshspammer> persist
> block log quick from <sshspammer>
> 
> # sshspammer
> # more than 6 ssh attempts in 15 seconds will be blocked ;)
> pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)
> 
Thanks for the suggestion! The pf in 5.x/6.x base and especially its 
rate-limit capability seems to be a good reason to upgrade my existing 
4.x based boxes before RELENG_4's EoL.

Regards,
Atanas
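To see what the quoted rule's `max-src-conn-rate 6/15 ... overload <sshspammer> flush global` actually does to a stream of connection attempts, here is a small simulation added for this thread; it is not pf code and not from either poster. It replays constructed new-connection events through a simplified model (an exact sliding window, whereas pf uses a moving-average approximation, and `max-src-conn` is left out), so the sample addresses and timestamps are made up.

```python
from collections import defaultdict, deque

RATE_CONNS, RATE_SECS = 6, 15  # max-src-conn-rate 6/15 from the quoted rule


def simulate(events, rate=(RATE_CONNS, RATE_SECS)):
    """Replay new-connection events (t_seconds, src_ip) through a simplified
    model of the quoted pf rule (exact sliding window; pf itself uses a
    moving-average approximation, and max-src-conn is not modelled here).

    Returns (table, live, blocked):
      table   - sources that ended up in <sshspammer>
      live    - src -> number of states still alive for that source
      blocked - connections that 'block log quick from <sshspammer>' drops
    Exceeding rate[0] new connections within rate[1] seconds puts the source
    in the table, and 'flush global' kills its existing states."""
    limit, window = rate
    table, live, blocked = set(), defaultdict(int), []
    recent = defaultdict(deque)  # src -> timestamps inside the window
    for t, src in sorted(events):
        if src in table:
            blocked.append((t, src))
            continue
        q = recent[src]
        while q and t - q[0] >= window:  # forget attempts older than the window
            q.popleft()
        q.append(t)
        if len(q) > limit:
            table.add(src)
            live[src] = 0  # flush global: existing states from src are killed
            blocked.append((t, src))
            continue
        live[src] += 1
    return table, dict(live), blocked


# Constructed sample: one brute-forcer, one legitimate user, one source that
# stays exactly at the limit (6 attempts in 15 s, the 7th after the window).
SAMPLE_EVENTS = (
    [(t, "10.0.0.9") for t in range(0, 15, 2)]          # 8 attempts in 14 s
    + [(t, "192.0.2.5") for t in range(0, 121, 20)]     # 7 logins in 2 min
    + [(t, "198.51.100.7") for t in (1, 3, 5, 7, 9, 11, 16)]
)


def run_sample():
    return simulate(SAMPLE_EVENTS)


if __name__ == "__main__":
    table, live, blocked = run_sample()
    print("tabled:", sorted(table), "live:", live, "blocked:", blocked)
```

Note that once a source lands in the table it stays there until expired, so on a real box something like `pfctl -t sshspammer -T expire 86400` from cron keeps a legitimate user who tripped the limit from being locked out forever.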


More information about the freebsd-stable mailing list