Feature request: FAIL_DELAY-support for sshd

Bjoern Voigt bjoern at cs.tu-berlin.de
Thu Feb 3 03:59:42 EST 2005


Gert Doering <gert at greenie.muc.de> wrote:

> What we do here is "as soon as a host has hit 3 password auth failures,
> it will get auto-added to linux-iptables rules" (and boom, no more
> tries).

Ok, thanks. This may help in some situations. 

But how do you deal with the following situation: Two users (a "good" user
and a "bad" user) are behind a firewall with one public IP. Now the
"bad" user tries 3 wrong passwords. After that, the "good" user cannot
connect to his host (denial-of-service attack).

Regards, Björn
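
The lockout scenario raised in this message, replayed as an added example that is not part of the original post or of OpenSSH. It applies a 3-failure per-IP ban to constructed sshd-style log lines; the user names, addresses, and the `simulate_ip_ban` helper are assumptions made for illustration.

```python
import re
from collections import Counter

THRESHOLD = 3  # failures per source IP before the ban, as in the quoted setup

# Constructed sample: sshd-style auth lines as they would be logged with no
# ban in place. 198.51.100.10 is a NAT address shared by mallory and alice.
SAMPLE_LOG = """\
Feb  3 09:00:01 host sshd[101]: Failed password for mallory from 198.51.100.10 port 40001 ssh2
Feb  3 09:00:03 host sshd[102]: Failed password for mallory from 198.51.100.10 port 40002 ssh2
Feb  3 09:00:04 host sshd[103]: Accepted password for carol from 192.0.2.44 port 51000 ssh2
Feb  3 09:00:05 host sshd[104]: Failed password for invalid user admin from 198.51.100.10 port 40003 ssh2
Feb  3 09:00:09 host sshd[105]: Accepted password for alice from 198.51.100.10 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def simulate_ip_ban(log_text, threshold=THRESHOLD):
    """Replay auth events under a per-IP ban rule.

    Returns (banned_ips, collateral), where collateral lists the
    (user, ip) logins that would have succeeded but arrive after their
    source address was banned, so the firewall drops them.
    """
    failures = Counter()
    banned = set()
    collateral = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password auth line
        ip, user = m["ip"], m["user"]
        if ip in banned:
            # The packet never reaches sshd once the firewall rule exists.
            if m["result"] == "Accepted":
                collateral.append((user, ip))
            continue
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                banned.add(ip)
    return banned, collateral

if __name__ == "__main__":
    print(simulate_ip_ban(SAMPLE_LOG))
```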


More information about the openssh-unix-dev mailing list