At 1:48 PM -0400 6/30/05, Roy Morris wrote:

As to the speed of connections, I've been meaning to check into
the idea that every ssh session would see some short delay
(maybe 1/2 of a second).  Something where syslog would see any
failure message immediately, but the incoming connection would
always see that extra delay.  I'm not sure that would really help
much, but it might make me feel a little better...


"max-src-conn-rate <number> / <seconds>"

True, but that's not quite the same thing.  It is helpful, and now
that you mention it I probably should do that on my machines which
are set up with 'pf'.  But I would also like to slow down the bad guys
right at the first connection, every connection, even if the attack
is 100 different machines each making one connection per second.
(although I'm not sure that this delay would really solve anything...)

It looks like /etc/ssh/sshd_config also supports MaxAuthTries and
MaxStartups, which might be of interest for the original poster.

--
Garance Alistair Drosehn            =   [EMAIL PROTECTED]
Senior Systems Programmer           or  [EMAIL PROTECTED]
Rensselaer Polytechnic Institute    or  [EMAIL PROTECTED]

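The options named in this message, shown together as an added configuration example (not part of the original e-mail). The interface name, table name and all numeric limits are assumptions chosen for illustration.

```conf
# ---- /etc/pf.conf (fragment) ----
# Assumed external interface; replace with the real one.
ext_if = "em0"

# Table that collects sources exceeding the connection rate below.
# The name is hypothetical.
table <ssh_abusers> persist

# Drop everything from sources already in the table.
block in quick on $ext_if from <ssh_abusers>

# Allow SSH, but track how fast each source opens connections.
# max-src-conn-rate <number> / <seconds>: here more than 3 new
# connections from one source within 30 seconds trips the limit.
# "overload" adds the source to the table; "flush global" kills the
# states that source already holds.
pass in on $ext_if proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <ssh_abusers> flush global)

# ---- /etc/ssh/sshd_config (fragment) ----
# Limit authentication attempts per connection.
MaxAuthTries 3

# Limit concurrent unauthenticated connections. With start:rate:full,
# sshd starts refusing 30% of new connections once 10 are pending and
# refuses all of them at 60.
MaxStartups 10:30:60
```

The pf limit is counted per source address, so it does not add the fixed delay on every connection that the message asks for. Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it.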