At 09:59 -0800 on 05/06/2008, Beech Rintoul wrote:
> On Tuesday 06 May 2008, David Kelly said:
> > On Tuesday 06 May 2008, Gilles said:
> > > Is there a way to configure SSHd, so that the wait time between
> > > login attempts increases after X failed tries?
> >
> > Depending on how you use ssh from external systems you could add
> > firewall rules to disallow all but known sources.
>
> I was doing that in the past, but I found it to be inflexible and
> sometimes a pain to deal with. I sometimes need to access a server
> from a new location and that kind of hard lockdown just isn't
> practical.

I had the same problem (i.e., needing to access the server from a new location). In my case, one of the allowed sites is the server of a friend who has provided a shell account for me. When I'm on the road, I just ssh to his machine, and from there I can ssh into any of my machines. His machine effectively does all of the script-kiddie filtering for my site. ;-)

Note if you choose to do this: scp'ing files becomes a four-step process (i.e., scp file(s) to intermediate server, log in to intermediate server, scp to destination server, delete file(s) from intermediate server). Still worth it, though.

Remember the "wave theory" of script kiddies (WARNING: Gross oversimplification ahead): Quantum mechanics says that if you throw yourself against a wall several quintillion times, you'll eventually "wave" through it without leaving a mark on yourself or the wall.* Similarly, a sufficiently large number of break-in attempts by script kiddies will result in one of them "waving" straight past all of the security without leaving a scratch.

FWIW, I agree with cpghost -- it's strange that an addition as obvious and useful as this isn't already supported.

__________________________________________________________________________
Vince Sabio                                                  [EMAIL PROTECTED]

* As if the first few billion tries didn't already leave some rather noticeable marks on both you AND the wall.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
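Editor's added example, not from any message in this thread: the thread's conclusion is that sshd itself offers no escalating delay after X failed tries, and David Kelly's suggestion is to do the filtering at the firewall. The POSIX shell/awk filter below is the glue between the two: it reads sshd log lines, tallies "Failed ..." authentication lines per source address, and prints the addresses that have reached a threshold, together with the pfctl commands that would add them to a pf table. The log lines are constructed here in FreeBSD /var/log/auth.log format, the table name `bruteforce` is a hypothetical name, and the pfctl commands are only printed, never executed.

```shell
#!/bin/sh
# Added example (not from the thread): count sshd authentication failures per
# source address and print pf table additions for the ones over a threshold.
# Assumed log format: FreeBSD /var/log/auth.log lines written by sshd.
# "bruteforce" is a hypothetical table name; it would pair with a pf.conf rule
# such as:   block in quick on $ext_if from <bruteforce> to any port 22

# Constructed sample log: one host with four failures, one legitimate user who
# mistyped a password once and then logged in with a key, one clean login.
SAMPLE_LOG=$(cat <<'EOF'
May  6 09:41:02 gw sshd[2711]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
May  6 09:41:05 gw sshd[2711]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
May  6 09:41:09 gw sshd[2714]: Failed password for root from 203.0.113.7 port 50130 ssh2
May  6 09:41:12 gw sshd[2714]: Failed password for root from 203.0.113.7 port 50130 ssh2
May  6 09:42:30 gw sshd[2720]: Failed password for vince from 198.51.100.23 port 41000 ssh2
May  6 09:42:41 gw sshd[2720]: Accepted publickey for vince from 198.51.100.23 port 41000 ssh2
May  6 09:45:00 gw sshd[2731]: Accepted publickey for vince from 192.0.2.10 port 33022 ssh2
EOF
)

# offenders THRESHOLD -- read sshd log lines on stdin; print every source
# address with at least THRESHOLD failed authentication attempts, sorted.
offenders() {
    awk -v max="$1" '
        # Failures of any auth method; "Accepted ..." lines never match.
        /sshd\[[0-9]+\]: Failed (password|publickey|keyboard-interactive)/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { fails[$(i + 1)]++; break }
            }
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }
    ' | sort
}

# block_commands THRESHOLD -- same input; print (do not run) the pfctl
# commands that would add each offender to the <bruteforce> table.
block_commands() {
    offenders "$1" | sed 's/^/pfctl -t bruteforce -T add /'
}

# Stand-alone run over the constructed sample with a threshold of 3 failures.
printf '%s\n' "$SAMPLE_LOG" | block_commands 3
```

Piping the real log through `block_commands 3 | sh` from a periodic job gives the "after X failed tries" behaviour the original question asks for, with the firewall rather than sshd doing the blocking; the single mistyped password from 198.51.100.23 stays below the threshold and is not listed. Note this counts failures over the whole input, so feed it a recent window of the log (or run it from newsyslog rotation) rather than the entire file, and expire table entries with `pfctl -t bruteforce -T expire` so a travelling user is not locked out permanently.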
