SSH login takes very long time...sometimes
Volker Stolz
vs at FreeBSD.org
Wed Feb 22 06:06:10 PST 2006
* Atanas <atanas at asd.aplus.net>:
> I really miss the inetd features. A setting like "nowait/100/20/5"
> (/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]])
> would effectively bounce the bad guys, but AFAIK (correct me if I'm
> wrong), ssh is no longer supposed to work via inetd and still has no
> such capabilities.
We're successfully running openssh-portable from inetd with:
ssh stream tcp nowait/0/12 root /usr/local/sbin/sshd sshd -i -f /etc/ssh/sshd_config
vs at lambda$ grep ssh /var/log/messages
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 16:43:15 lambda inetd[19345]: ssh from 220.130.23.134 exceeded counts/min (limit 12/min)
...
I'd also recommend pam_af for locking out brute-forcers:
http://mbsd.msk.ru/pam_af.html
For example we have:
<host hostname='tin.cn.ee.ccu.edu.tw'>
<attempts>9</attempts>
<last_attempt>Mon Nov 7 15:05:50 2005</last_attempt>
<status>locked</status>
</host>
vs at lambda$ sudo pam_af_tool statlist | grep locked | wc -l
363
Volker
--
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
"All the excitement lies in pattern matching." (SPJ et al.)
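As an added example (not the author's code, nor part of inetd or pam_af), here is a small Python script that decodes the limits packed into the inetd.conf `nowait/0/12` field quoted above and tallies the per-source "exceeded counts/min" events that inetd writes to syslog; the log lines and addresses it parses are constructed samples, not the ones from the mail.

```python
import re
from collections import Counter

# Constructed sample: the inetd(8) ssh entry in the form quoted in the mail,
# followed by log lines in the format inetd uses for its per-IP rate limit
# (addresses are documentation ranges, not the ones from the original post).
INETD_LINE = ("ssh stream tcp nowait/0/12 root /usr/local/sbin/sshd "
              "sshd -i -f /etc/ssh/sshd_config")
SAMPLE_LOG = """\
Feb 14 02:15:04 lambda inetd[19345]: ssh from 198.51.100.7 exceeded counts/min (limit 12/min)
Feb 14 02:15:04 lambda inetd[19345]: ssh from 198.51.100.7 exceeded counts/min (limit 12/min)
Feb 14 16:43:15 lambda inetd[19345]: ssh from 203.0.113.9 exceeded counts/min (limit 12/min)
Feb 14 16:43:16 lambda sshd[19400]: Accepted publickey for vs from 192.0.2.4 port 50123 ssh2
"""

def parse_inetd_limits(line):
    """Split the wait/nowait field of an inetd.conf entry into its limits.

    Field syntax (inetd.conf(5)):
      wait|nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
    A missing or empty sub-field is reported as None (inetd's default);
    max-child of 0 means "no limit", which is what the quoted entry uses.
    """
    fields = line.split()
    service, wait_field = fields[0], fields[3]
    parts = wait_field.split("/")
    names = ["mode", "max_child", "max_conn_per_ip_per_min", "max_child_per_ip"]
    limits = {"service": service}
    for name, value in zip(names, parts):
        limits[name] = value if name == "mode" else (int(value) if value else None)
    for name in names[len(parts):]:
        limits[name] = None
    return limits

# Matches the rate-limit message inetd logs when a source trips the
# per-IP-per-minute limit; other sshd/inetd lines are ignored.
LOG_RE = re.compile(r"inetd\[\d+\]: (?P<svc>\S+) from (?P<ip>[\d.]+) "
                    r"exceeded counts/min \(limit (?P<limit>\d+)/min\)")

def rate_limit_hits(log_text):
    """Count inetd rate-limit events per (service, source IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            hits[(m.group("svc"), m.group("ip"))] += 1
    return hits

if __name__ == "__main__":
    print(parse_inetd_limits(INETD_LINE))
    for (svc, ip), n in rate_limit_hits(SAMPLE_LOG).most_common():
        print(f"{svc} from {ip}: rate-limited {n} time(s)")
```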