From owner-freebsd-questions@FreeBSD.ORG  Wed May  7 16:32:07 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A0B881065671
	for <freebsd-questions@freebsd.org>;
	Wed,  7 May 2008 16:32:07 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from snoogles.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 74A4B8FC17
	for <freebsd-questions@freebsd.org>;
	Wed,  7 May 2008 16:32:07 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from localhost (localhost [127.0.0.1])
	by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id AE8471CD4A;
	Wed,  7 May 2008 08:32:03 -0800 (AKDT)
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Wed, 7 May 2008 18:31:13 +0200
User-Agent: KMail/1.9.7
References: <q7412457qoumm8v8dbth10fug2ctbrlfp0@4ax.com>
	<200805062116.19999.fbsd-ml@scrapper.ca>
In-Reply-To: <200805062116.19999.fbsd-ml@scrapper.ca>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200805071831.13898.fbsd.questions@rachie.is-a-geek.net>
Cc: Norbert Papke <fbsd-ml@scrapper.ca>
Subject: Re: [SSHd] Increasing wait time?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2008 16:32:07 -0000

On Wednesday 07 May 2008 06:16:19 Norbert Papke wrote:
> On May 6, 2008, Gilles wrote:
> > Is there a way to configure SSHd, so that the wait time between login
> > attempts increases after X failed tries?
>
> I run sshd via inetd rather than as a stand-alone daemon.  inetd provides
> optional rate limiting functionality.  For instance. putting
>
>    ssh stream  tcp  nowait/20/4/10  root  /usr/sbin/sshd  sshd -i
>
> into /etc/inetd.conf set a limit of
>
> * 20 overall ssh connections
> * 4 connection attempts per minute
> * at most 10 connections from a single IP
>
> This works very well on a personal server, not sure how it scales up.


So if I copy over some files via scp, I can lock myself out. Fun stuff ;)
-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.