Time to add exponential backoff for SSH interactive login failures?
Jay Libove
libove at felines.org
Fri Dec 17 13:01:53 EST 2004
I'm accustomed to systems where even the first failed login attempt
incurs a 5 second delay. I don't think that's too harsh, but everyone
has their own needs and considerations. This could be made
configurable.
-Jay
-----Original Message-----
From: Rick Jones [mailto:rick.jones2 at hp.com]
Sent: Wednesday, December 15, 2004 8:09 PM
To: Jay Libove
Cc: openssh-unix-dev at mindrot.org
Subject: Re: Time to add exponential backoff for SSH interactive login
failures?
> Discussion, pros/cons?
I think it would be good to be a triffle more gentle on the honest but
fumble-fingered and only start the backoff after say the third failed
login attempt.
rick jones
More information about the openssh-unix-dev
mailing list