Feature request: FAIL_DELAY-support for sshd

[Damien Miller]

Sergio Gelato wrote:

> What I would find more useful is a more configurable policy as to what
> authentications are acceptable from various sources. One may want to
> only allow one-time passwords from untrusted IPs, for example. But since
> I don't have code (nor even a particularly elegant design) to contribute 
> for this, I won't press the idea.

I am doing some work towards implementing this, but per-source auth
controls won't be in the next release.

Until then, you can fake it by running multiple instances of sshd with
different configurations with packet filter control over who gets to
see what.

-d