From: Beech Rintoul
To: freebsd-questions@freebsd.org
Cc: Gilles, David Kelly
Date: Tue, 6 May 2008 09:59:24 -0800
Subject: Re: [SSHd] Increasing wait time?

On Tuesday 06 May 2008, David Kelly said:
> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
> > > Is there a way to configure SSHd, so that the wait time between
> > > login attempts increases after X failed tries?
> >
> > Not that I know of. You should look into denyhosts (in the ports)
> > it works well and even has a RBL feature to block some of these
> > script kiddies proactively. Unfortunately, these attempts have
> > become a fact of life. I probably get 20 - 30 attempts a day
> > between my various servers.
>
> Depending on how you use ssh from external systems you could add
> firewall rules to disallow all but known sources.

I was doing that in the past, but I found it to be inflexible and
sometimes a pain to deal with. I sometimes need to access a server
from a new location and that kind of hard lockdown just isn't
practical. The denyhosts solution works very well for me and the RBH
feature blocks 9 out of 10 attempts outright.

Beech

--
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech@FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail  | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \ - http://www.FreeBSD.org/releases/7.0R/announce.html
---------------------------------------------------------------------------------------
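
The thread above discusses blocking sources after repeated failed sshd logins. The following is an added example, not part of the message and not denyhosts' own code: a simplified sketch of counting failed password attempts per source from sshd log lines while exempting known-good addresses. The log lines, the threshold and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style of sshd lines in /var/log/auth.log;
# addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
May  6 09:12:01 host sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  6 09:12:03 host sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
May  6 09:12:06 host sshd[4125]: Invalid user test from 203.0.113.7
May  6 09:12:06 host sshd[4125]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
May  6 09:12:09 host sshd[4127]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40120 ssh2
May  6 09:20:44 host sshd[4188]: Failed password for beech from 198.51.100.20 port 51500 ssh2
May  6 09:21:02 host sshd[4190]: Accepted password for beech from 198.51.100.20 port 51502 ssh2
May  6 09:30:10 host sshd[4201]: Failed password for root from 192.0.2.55 port 33001 ssh2
"""

# The user name is remote-controlled text, so the source address is read
# from the END of the line; the greedy ".*" swallows any "from <addr>" that
# appears inside the user name field (fifth sample line).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_by_source(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        # Only "Failed password" lines count, so the separate
        # "Invalid user" line for the same attempt is not counted twice.
        match = FAILED.search(line.rstrip())
        if match:
            counts[match.group(1)] += 1
    return counts


def hosts_to_block(log_text, threshold=3, trusted=frozenset()):
    """Sources at or above the threshold, excluding known-good addresses."""
    counts = failed_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in trusted)


if __name__ == "__main__":
    for ip in hosts_to_block(SAMPLE_LOG):
        print(ip, failed_by_source(SAMPLE_LOG)[ip])
```

The `trusted` set plays the role of the known sources mentioned in the thread: addresses in it are never returned, whatever their failure count.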