Date: Fri, 17 Feb 2006 11:18:24 -0800
From: Atanas <atanas@asd.aplus.net>
To: Marian Hettwer <MH@kernel32.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <43F62180.40700@asd.aplus.net>
In-Reply-To: <43F58BCD.1070202@kernel32.de>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie> <86irrfoix5.fsf@xps.des.no> <43F4E3B0.1090806@asd.aplus.net> <43F58BCD.1070202@kernel32.de>
Marian Hettwer said the following on 02/17/06 00:39:
> Atanas wrote:
>> Last year I already had to decrease the LoginGraceTime from 120 to 30
>> seconds on my production boxes, but it didn't help much, so on top of
>> that I got to implement (reinvent the wheel again) a script tailing the
>> auth.log and firewalling bad guys in order to secure sshd and let my
>> legitimate users in.
>>
> You could get rid of parsing auth.log and everything and just use pf(4)
> instead.
>
> Look at that:
> # sshspammer table
> table <sshspammer> persist
> block log quick from <sshspammer>
>
> # sshspammer
> # more than 6 ssh attempts in 15 seconds will be blocked ;)
> pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags
> (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)
>

Thanks for the suggestion! The pf in 5.x/6.x base and especially its rate-limit capability seems to be a good reason to upgrade my existing 4.x based boxes before RELENG_4's EoL.

Regards,
Atanas
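A complete pf.conf fragment built around the rule quoted above, added here as an illustration and not taken from the thread or from either poster; the interface name, the <admins> table and its addresses, and the macro contents are assumptions.

```conf
# Added example (not from the thread): self-contained pf.conf fragment
# around the sshspammer rule. em0, the <admins> table and the addresses
# in it are assumptions / constructed values.
ext_if = "em0"

# The max-src-conn* options hang off an explicit keep state on pf of the
# 5.x/6.x era, so the macro carries it along with the SYN-only flags.
tcp_flags = "flags S/SA keep state"

# Hosts that must never be locked out (constructed addresses).
table <admins> { 192.0.2.10, 198.51.100.0/24 }
# Offenders collected by the overload rule; persist keeps the table
# around even while it is empty.
table <sshspammer> persist

# Order matters: admins pass first, known offenders are dropped next,
# everything else is subject to the rate limit.
pass in quick on $ext_if proto tcp from <admins> to ($ext_if) port ssh $tcp_flags
block log quick from <sshspammer>

# max-src-conn 10        : at most 10 simultaneous ssh states per source
# max-src-conn-rate 6/15 : at most 6 new connections per 15 seconds
# overload <sshspammer>  : a source exceeding either limit goes into the table
# flush global           : and all of its existing states, on any rule, are killed
pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags \
    (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)
```

Addresses stay in the table until removed, so `pfctl -t sshspammer -T show` lists the current offenders and `pfctl -t sshspammer -T expire 86400` drops entries older than a day, which is the housekeeping step a cron job can take over.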