Feature request: AlwaysDenyLogin, LoginDelayTime
kyrieuon at gmail.com
Sat Dec 13 10:23:03 EST 2008
On Fri, Dec 12, 2008 at 5:02 PM, Ben Lindstrom <mouring at eviladmin.org> wrote:
> On Dec 11, 2008, at 3:57 PM, Richard Stoughton wrote:
>> The basic idea behind the feature request is to let easily setup
>> a kind of tarpit sshd in parallel to a 'normal' sshd:
> Why would you run OpenSSH in a tarpit mode? This seems like a broken idea.
> Tarpit software should be small and non-functional (e.g. OpenBSD's spamd).
> And OpenSSH is not. =)
In general this is surely a good rule of thumb. But in the
aforementioned scenario, where two ssh daemons would run in parallel,
a dedicated tarpit ssh daemon would not add any additional security.
And the absence of a running tarpit sshd of any kind would probably
not reduce the overall system load.
More information about the openssh-unix-dev