Time to add exponential backoff for SSH interactive login failures?

Peter Stuge stuge-openssh-unix-dev at cdy.org
Fri Dec 17 02:22:53 EST 2004


On Thu, Dec 16, 2004 at 08:59:58AM -0500, Jim Knoble wrote:
> unless the attacker performed a distributed attack (against which
> sshd is currently defenseless anyway).

Only accepting public key authentication will at least increase
time and cost for an attacker performing an exhaustive search, which
makes the attack both easier to spot, and reduces the chance of
success.

Protocol backoff would be done in sshd, but is there really a point?
Adjust MaxAuthTries and rely on TCP backoff instead.

TCP backoff certainly shouldn't be done in sshd, IMHO.


//Peter
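
The two settings this message names (public-key-only authentication and MaxAuthTries), checked against an sshd_config, as an added example that is not part of the original message. The function names, the threshold of 3 and both sample configs are assumptions made for illustration; only the global section is read, and Include files are not followed.

```python
import re

# Defaults for the relevant keywords, as documented in sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "maxauthtries": "6"}
# Deprecated keyword name that maps to the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global(text):
    """Global-section values; sshd keeps the FIRST value it sees per keyword."""
    eff, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks follow; they are not evaluated here
            has_match = True
            break
        if key in DEFAULTS and key not in eff and len(parts) == 2 and parts[1].strip():
            eff[key] = parts[1].split()[0].strip('"').lower()
    return {**DEFAULTS, **eff}, has_match

def audit(text, max_tries=3):  # max_tries=3 is an assumed site policy
    """Return findings that keep password guessing possible or cheap."""
    eff, has_match = effective_global(text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive authentication is enabled")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    tries = eff["maxauthtries"]
    if not tries.isdigit() or int(tries) > max_tries:
        findings.append(f"MaxAuthTries is {tries}, above {max_tries}")
    if has_match:
        findings.append("Match blocks present; review their overrides separately")
    return findings

# Constructed samples. In WEAK the later "no" is ignored because the first value wins.
WEAK = "PasswordAuthentication yes\nMaxAuthTries 10\nPasswordAuthentication no\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nMaxAuthTries=3\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```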



