Brett Glass <brett@xxxxxxxxxx> said (on 2006/04/17):

> To: bugtraq@xxxxxxxxxxxxxxxxx
> From: Brett Glass <brett@xxxxxxxxxx>
> Subject: Strengthen OpenSSH security?
>
> ...
> It seems to me that sshd should not tip its hand by returning
> different responses ...

I agree. I also wish OpenSSH would implement the same security measures already available in other SSH servers and authentication products -- a dynamic black list.

The idea is simple, but effective: connections from IP addresses that have failed to authenticate X times in the last Y minutes are refused for Z minutes. For adequate values of Y and Z, brute force attacks quickly lose feasibility.
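
The X/Y/Z rule described in the post above, sketched as a sliding-window blacklist. This is an added example, not part of the original post and not OpenSSH code; the class and function names, the event tuples and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque


class DynamicBlacklist:
    """Refuse an IP for `ban` seconds once it has failed to authenticate
    `max_failures` times within `window` seconds (X, Y, Z in the post)."""

    def __init__(self, max_failures, window, ban):
        self.max_failures = max_failures    # X
        self.window = window                # Y, in seconds
        self.ban = ban                      # Z, in seconds
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban ends

    def is_blocked(self, ip, now):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.banned_until[ip]       # ban served, forget it
            return False
        return True

    def record_failure(self, ip, now):
        recent = self.failures[ip]
        recent.append(now)
        # Age out failures older than the window so occasional typos never add up.
        while now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban
            del self.failures[ip]           # counting restarts after the ban


def replay(events, blacklist):
    """Replay (time, ip, outcome) tuples; return the decision per connection."""
    decisions = []
    for now, ip, outcome in events:
        if blacklist.is_blocked(ip, now):
            decisions.append("refused")     # dropped before any authentication
            continue
        decisions.append(outcome)
        if outcome == "fail":
            blacklist.record_failure(ip, now)
    return decisions


# Constructed sample events (documentation addresses), for X=3, Y=60 s, Z=300 s.
EVENTS = [
    (0, "203.0.113.7", "fail"), (5, "203.0.113.7", "fail"),
    (9, "203.0.113.7", "fail"),     # third failure inside 60 s: banned until t=309
    (10, "203.0.113.7", "fail"),    # refused
    (20, "198.51.100.4", "fail"), (200, "198.51.100.4", "fail"),
    (250, "198.51.100.4", "ok"),    # failures 180 s apart never reach X
    (309, "203.0.113.7", "ok"),     # ban has expired
]
```

State is keyed by source address only, so clients sharing one NAT address share one counter.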