Feature request: FAIL_DELAY-support for sshd

Gert Doering gert at greenie.muc.de
Thu Feb 3 02:02:51 EST 2005


Hi,

On Wed, Feb 02, 2005 at 03:41:44PM +0100, Sergio Gelato wrote:
> Would it really? My experience with these scans is that they don't make
> much more than a hundred or so attempts on each server. At one attempt
> per second, they're often long over by the time I review the logs. Merely
> slowing them down is not going to decrease the total number of attempts,
> I would think. 

What we do here is "as soon as a host has hit 3 password auth failures,
it will get auto-added to linux-iptables rules" (and boom, no more tries).

The code is still too messy to share, and too customized to work anywhere
else, though.

Plugging it into opensshd was very easy, though - just using the
"record_failed_login()" hook in auth.c, and adding our own .c file 
to the to-be-built objects :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
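As an added illustration of the threshold-then-block scheme Gert describes (not his code, and not OpenSSH's): a stand-alone C model of the per-host failure counter that a record_failed_login()-style hook could drive. The function names, the fixed-size table and the threshold of 3 are assumptions for the demo; the firewall rule is only formatted as a string, never executed.

```c
/* Added example: per-host password-failure counter with a block threshold.
 * Not OpenSSH code; names and table size are illustrative assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64   /* constructed limit for the demo table */
#define THRESHOLD 3    /* failures before a host gets firewalled */
#define HOST_LEN  46   /* room for an IPv6 literal plus NUL */

struct entry { char host[HOST_LEN]; unsigned failures; };
static struct entry table[MAX_HOSTS];
static unsigned used;

static struct entry *find_or_add(const char *host)
{
    for (unsigned i = 0; i < used; i++)
        if (strcmp(table[i].host, host) == 0)
            return &table[i];
    if (used == MAX_HOSTS)
        return NULL;          /* table full: treated as "not blocked yet" */
    struct entry *e = &table[used++];
    strncpy(e->host, host, HOST_LEN - 1);
    e->host[HOST_LEN - 1] = '\0';
    e->failures = 0;
    return e;
}

/* Called on every password failure.  Returns 1 exactly once, when the host
 * reaches THRESHOLD, so the caller adds the firewall rule a single time. */
int note_auth_failure(const char *host)
{
    struct entry *e = find_or_add(host);
    if (e == NULL)
        return 0;
    e->failures++;
    return e->failures == THRESHOLD;
}

/* Called on a successful login: a user who mistyped twice is forgiven. */
void note_auth_success(const char *host)
{
    struct entry *e = find_or_add(host);
    if (e != NULL)
        e->failures = 0;
}

/* Renders the rule a hook would install; this demo only formats it. */
int block_rule(const char *host, char *buf, size_t len)
{
    return snprintf(buf, len, "iptables -I INPUT -s %s -j DROP", host);
}
```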