Feature request: AlwaysDenyLogin, LoginDelayTime

Richard Stoughton kyrieuon at gmail.com
Sat Dec 13 10:23:03 EST 2008

On Fri, Dec 12, 2008 at 5:02 PM, Ben Lindstrom <mouring at eviladmin.org> wrote:
> On Dec 11, 2008, at 3:57 PM, Richard Stoughton wrote:
>> ...
>> The basic idea behind the feature request is to let easily setup
>> a kind of tarpit sshd in parallel to a 'normal' sshd:
> Why would you run OpenSSH in a tarpit mode?  This seems like a broken idea.
>  Tarpit software should be small and non-functional (e.g. OpenBSD's spamd).
>  And OpenSSH is not. =)

In general this is surely a good rule of thumb. But in the
aforementioned scenario, where two ssh daemons would run in parallel,
a dedicated tarpit ssh daemon would not add any additional security.
And the absence of a running tarpit sshd of any kind would probably
not reduce the overall system load.

More information about the openssh-unix-dev mailing list