From owner-freebsd-questions@FreeBSD.ORG  Wed May  7 04:18:01 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5FCDE106564A
	for <freebsd-questions@freebsd.org>;
	Wed,  7 May 2008 04:18:01 +0000 (UTC)
	(envelope-from fbsd-ml@scrapper.ca)
Received: from pd4mo3so.prod.shaw.ca (idcmail-mo1so.shaw.ca [24.71.223.10])
	by mx1.freebsd.org (Postfix) with ESMTP id 23E458FC13
	for <freebsd-questions@freebsd.org>;
	Wed,  7 May 2008 04:18:00 +0000 (UTC)
	(envelope-from fbsd-ml@scrapper.ca)
Received: from pd3mr2so.prod.shaw.ca
	(pd3mr2so-qfe3.prod.shaw.ca [10.0.141.178]) by l-daemon
	(Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
	with ESMTP id <0K0H00G7FD79W760@l-daemon> for
	freebsd-questions@freebsd.org; Tue, 06 May 2008 22:16:21 -0600 (MDT)
Received: from pn2ml9so.prod.shaw.ca ([10.0.121.7])
	by pd3mr2so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05
	(built Sep
	5 2006)) with ESMTP id <0K0H002WBD798V50@pd3mr2so.prod.shaw.ca> for
	freebsd-questions@freebsd.org; Tue, 06 May 2008 22:16:21 -0600 (MDT)
Received: from proven.lan ([24.85.241.34])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with ESMTP id <0K0H004QWD78K650@l-daemon> for
	freebsd-questions@freebsd.org; Tue, 06 May 2008 22:16:21 -0600 (MDT)
Received: from proven.lan (localhost [127.0.0.1])	by proven.lan (8.14.2/8.14.2)
	with ESMTP id m474GK7h097818	for <freebsd-questions@freebsd.org>; Tue,
	06 May 2008 21:16:20 -0700 (PDT envelope-from fbsd-ml@scrapper.ca)
Received: from localhost (localhost [[UNIX: localhost]])
	by proven.lan (8.14.2/8.14.2/Submit)
	id m474GKV2097816	for freebsd-questions@freebsd.org; Tue,
	06 May 2008 21:16:20 -0700 (PDT envelope-from fbsd-ml@scrapper.ca)
Date: Tue, 06 May 2008 21:16:19 -0700
From: Norbert Papke <fbsd-ml@scrapper.ca>
In-reply-to: <q7412457qoumm8v8dbth10fug2ctbrlfp0@4ax.com>
To: freebsd-questions@freebsd.org
Message-id: <200805062116.19999.fbsd-ml@scrapper.ca>
Organization: Archaeological Filing
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Content-disposition: inline
References: <q7412457qoumm8v8dbth10fug2ctbrlfp0@4ax.com>
X-Authentication-warning: proven.lan: npapke set sender to fbsd-ml@scrapper.ca
	using -f
User-Agent: KMail/1.9.7
Subject: Re: [SSHd] Increasing wait time?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2008 04:18:01 -0000

On May 6, 2008, Gilles wrote:
> Is there a way to configure SSHd, so that the wait time between login
> attempts increases after X failed tries?

I run sshd via inetd rather than as a stand-alone daemon.  inetd provides 
optional rate limiting functionality.  For instance. putting

   ssh stream  tcp  nowait/20/4/10  root  /usr/sbin/sshd  sshd -i

into /etc/inetd.conf set a limit of

* 20 overall ssh connections
* 4 connection attempts per minute
* at most 10 connections from a single IP

This works very well on a personal server, not sure how it scales up.

Cheers,

-- Norbert.