[EXTERNAL] Re: ssh wish list?
Thomas Köller
thomas at koeller.dyndns.org
Thu Oct 19 05:59:53 AEDT 2023
Am 18.10.23 um 20:37 schrieb Robinson, Herbie:
> If one does add such a plugin, it should be in a place where it can delay for an exponentially increasing time (or return a delay time to SSH). You don’t want to just reject the login, because they might keep hammering you.
The patch I proposed just invokes an external program on every failed
login attempt detected. I does not implement any policy. And if the
offending host is blocked, by modifying firewall rules or similar, there
could be no hammering.
More information about the openssh-unix-dev
mailing list