From owner-freebsd-stable@FreeBSD.ORG Wed Feb 22 14:06:10 2006
From: Volker Stolz
To: freebsd-stable@freebsd.org
Date: Wed, 22 Feb 2006 14:05:31 +0000 (UTC)
Subject: Re: SSH login takes very long time...sometimes
Message-ID:
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie> <86irrfoix5.fsf@xps.des.no> <43F4E3B0.1090806@asd.aplus.net>
User-Agent: slrn/0.9.8.1 (FreeBSD)
X-Injected-Via-Gmane: http://gmane.org/
List-Id: Production branch of FreeBSD source code
Lines: 32

* Atanas :
> I really miss the inetd features. A setting like "nowait/100/20/5"
> (/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]])
> would effectively bounce the bad guys, but AFAIK (correct me if I'm
> wrong), ssh is no longer supposed to work via inetd and still has no
> such capabilities.

We're successfully running openssh-portable from inetd with:

  ssh stream tcp nowait/0/12 root /usr/local/sbin/sshd sshd -i -f /etc/ssh/sshd_config

vs@lambda$ grep ssh /var/log/messages
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 16:43:15 lambda inetd[19345]: ssh from 220.130.23.134 exceeded counts/min (limit 12/min)
...

I'd also recommend pam_af for locking out brute-forcers:
http://mbsd.msk.ru/pam_af.html

For example we have:

  9 Mon Nov  7 15:05:50 2005 locked

vs@lambda$ sudo pam_af_tool statlist | grep locked | wc -l
363

Volker
-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
"All the excitement lies in pattern matching." (SPJ et al.)
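An added example (not part of the post or of inetd/pam_af) showing what the inetd.conf rate-limit field means and how a defender can turn the "exceeded counts/min" syslog lines quoted above into a per-source tally for lockout review. The first three log lines are the ones from the post; the remaining lines, the host names and the `noisy_sources` threshold are constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Syslog text as written by FreeBSD inetd when a per-IP connection rate limit
# trips. The first three lines are from the post; the rest are constructed.
SAMPLE_LOG = """\
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
Feb 14 16:43:15 lambda inetd[19345]: ssh from 220.130.23.134 exceeded counts/min (limit 12/min)
Feb 14 16:43:20 lambda sshd[19402]: Accepted publickey for vs from 192.0.2.10 port 51514 ssh2
Feb 15 03:01:11 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
"""

LIMIT_RE = re.compile(
    r"inetd\[\d+\]: (?P<service>\S+) from (?P<ip>\S+) exceeded counts/min "
    r"\(limit (?P<limit>\d+)/min\)"
)

@dataclass
class WaitSpec:
    wait: str                          # "wait" or "nowait"
    max_child: Optional[int]           # 0 means unlimited
    max_conn_per_ip_min: Optional[int] # connections per source IP per minute
    max_child_per_ip: Optional[int]    # concurrent children per source IP

def parse_wait_spec(spec):
    """Parse the inetd.conf wait field, e.g. "nowait/0/12" from the post.
    Layout: wait/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]."""
    fields = spec.split("/")
    if fields[0] not in ("wait", "nowait") or len(fields) > 4:
        raise ValueError(f"bad inetd wait spec: {spec!r}")
    nums = [int(f) for f in fields[1:]]
    nums += [None] * (3 - len(nums))   # unspecified limits stay None
    return WaitSpec(fields[0], *nums)

def rate_limit_hits(log_text):
    """Count inetd rate-limit events per (service, source IP).
    Returns (Counter, limit) where limit is the configured per-minute ceiling."""
    hits, limit = Counter(), None
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if m:
            hits[(m["service"], m["ip"])] += 1
            limit = int(m["limit"])
    return hits, limit

def noisy_sources(log_text, threshold):
    """Source IPs that tripped the limiter at least `threshold` times;
    candidates for review against a firewall table or pam_af lockouts."""
    hits, _ = rate_limit_hits(log_text)
    return sorted({ip for (_, ip), n in hits.items() if n >= threshold})
```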