From: Mel
To: freebsd-questions@freebsd.org
Cc: Norbert Papke
Date: Wed, 7 May 2008 18:31:13 +0200
Subject: Re: [SSHd] Increasing wait time?

On Wednesday 07 May 2008 06:16:19 Norbert Papke wrote:
> On May 6, 2008, Gilles wrote:
> > Is there a way to configure SSHd, so that the wait time between login
> > attempts increases after X failed tries?
>
> I run sshd via inetd rather than as a stand-alone daemon. inetd provides
> optional rate limiting functionality. For instance, putting
>
> ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i
>
> into /etc/inetd.conf sets a limit of
>
> * 20 overall ssh connections
> * 4 connection attempts per minute
> * at most 10 connections from a single IP
>
> This works very well on a personal server, not sure how it scales up.

So if I copy over some files via scp, I can lock myself out. Fun stuff ;)

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
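
The lockout described in the reply above, as an added example that is not part of the original message or of inetd's code: it parses the quoted inetd.conf entry and replays a burst of scp runs against a simplified model of the per-IP-per-minute limit. Assumptions: the field order follows FreeBSD inetd(8) (`nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]`), the 60-second sliding window and the counting of refused attempts are this model's choices, and the IP addresses and timings are constructed.

```python
from collections import defaultdict, deque

# The inetd.conf entry quoted in the thread.
ENTRY = "ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i"

def parse_limits(entry):
    """Split the wait field into the three optional limits (0 = no limit set here)."""
    wait_field = entry.split()[3]
    mode, *nums = wait_field.split("/")
    if mode not in ("wait", "nowait") or len(nums) > 3 or not all(n.isdigit() for n in nums):
        raise ValueError(f"bad wait field: {wait_field!r}")
    names = ("max_child", "max_conn_per_ip_per_min", "max_child_per_ip")
    limits = dict.fromkeys(names, 0)
    limits.update(zip(names, map(int, nums)))
    return mode, limits

class RateModel:
    """Simplified sliding-window model of the per-IP-per-minute limit.
    Assumption: every attempt, accepted or refused, counts toward the window."""
    def __init__(self, limits, window=60):
        self.cap = limits["max_conn_per_ip_per_min"]
        self.window = window
        self.seen = defaultdict(deque)  # source IP -> timestamps of attempts

    def connect(self, ip, t):
        q = self.seen[ip]
        while q and q[0] <= t - self.window:  # forget attempts older than the window
            q.popleft()
        q.append(t)
        return not self.cap or len(q) <= self.cap

def scp_burst(entry=ENTRY):
    """Six scp runs five seconds apart, then an interactive login attempt."""
    _, limits = parse_limits(entry)
    model = RateModel(limits)
    me, other = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses
    copies = [model.connect(me, t) for t in range(0, 30, 5)]
    return {
        "copies": copies,                                  # one connection per scp run
        "login_at_40s": model.connect(me, 40),             # same IP, still inside the window
        "other_ip_at_40s": model.connect(other, 40),       # limit is per source IP
        "login_at_120s": model.connect(me, 120),           # window has drained
    }

if __name__ == "__main__":
    print(parse_limits(ENTRY))
    print(scp_burst())
```

Running several files through a single scp invocation, or reusing one connection, keeps the copy to one counted attempt in this model.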