Time to add exponential backoff for SSH interactive login failures?

Peter Stuge stuge-openssh-unix-dev at cdy.org
Fri Dec 17 02:22:53 EST 2004

On Thu, Dec 16, 2004 at 08:59:58AM -0500, Jim Knoble wrote:
> unless the attacker performed a distributed attack (against which
> sshd is currently defenseless anyway).

Only accepting public key authentication will at least increase
time and cost for an attacker performing an exhaustive search, which
makes the attack both easier to spot, and reduces the chance of

Protocol backoff would be done in sshd, but is there really a point?
Adjust MaxAuthTries and rely on TCP backoff instead.

TCP backoff certainly shouldn't be done in sshd, IMHO.


More information about the openssh-unix-dev mailing list