RE: [EXTERNAL] Re: ssh wish list?


 



If one does add such a plugin, it should be in a place where it can delay for an exponentially increasing time (or return a delay time to SSH).  You don’t want to just reject the login, because they might keep hammering you.

From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com@xxxxxxxxxxx> On Behalf Of Chris Rapier
Sent: Wednesday, October 18, 2023 2:12 PM
To: openssh-unix-dev@xxxxxxxxxxx
Subject: [EXTERNAL] Re: ssh wish list?


That's a good idea but I think fail2ban might be a better solution to
this than extending the application itself. The main issue being that
maintaining and managing a blocklist like that within ssh might be
cumbersome in large organizations.

On 10/18/23 1:42 PM, Thomas Köller wrote:
> Some time ago I made a proposal to add a mechanism that would allow a
> hook to be executed whenever an unsuccessful login attempt was made:
> https://bugzilla.mindrot.org/show_bug.cgi?id=3384.
>
> The idea was to manage a blacklist to lock out hosts that repeatedly
> attempted to login by trying common passwords. Unfortunately, I could
> not get much attention and gave up on it.
>
> Thomas
>
> On 18.10.23 at 19:13, Chris Rapier wrote:
>> Hey all,
>>
>> So I do some development based on openssh and I'm trying to think of
>> some new projects that might extend the functionality, feature set,
>> user workflow, performance, etc of ssh.
>>
>> So open ended question:
>>
>> Do any of you have a wish list of things you'd like to see in ssh?
>>
>>
>> Mostly I'm just curious to see what the larger community is thinking
>> of rather than being driven entirely by what I think is cool.
>>
>>
>> Chris
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@xxxxxxxxxxx
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
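
The exponentially increasing delay suggested at the top of this message, sketched as an added example that is not part of the thread or of OpenSSH. It assumes a hypothetical hook that sees each failed login and returns a delay in seconds; the `BackoffTracker` name, the base, cap and forget window, and the sample log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Matches sshd's "Failed password" log message; the sample lines below are constructed.
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

@dataclass
class BackoffTracker:
    base: float = 1.0             # delay after the first failure, seconds (assumed)
    cap: float = 300.0            # upper bound on any single delay (assumed)
    forget_after: float = 3600.0  # quiet period after which a host starts over
    _state: dict = field(default_factory=dict)  # host -> (failures, last_seen)

    def failure(self, host: str, now: float) -> float:
        """Record a failed login and return the delay to impose, in seconds."""
        count, last = self._state.get(host, (0, now))
        if now - last > self.forget_after:
            count = 0
        count += 1
        self._state[host] = (count, now)
        # Clamp the exponent so 2**n cannot grow without bound before the cap applies.
        return min(self.cap, self.base * 2 ** min(count - 1, 32))

    def success(self, host: str) -> None:
        """A successful login clears the host's history."""
        self._state.pop(host, None)

def delays_from_log(lines, tracker=None):
    """Feed (timestamp, message) pairs through the tracker; return [(host, delay)]."""
    tracker = tracker or BackoffTracker()
    out = []
    for ts, line in lines:
        m = FAILED.search(line)
        if m:
            out.append((m.group(1), tracker.failure(m.group(1), ts)))
    return out

# Constructed sample: (seconds, sshd message); addresses are documentation ranges.
SAMPLE = [
    (0, "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"),
    (2, "Failed password for root from 203.0.113.7 port 51240 ssh2"),
    (3, "Failed password for alice from 198.51.100.9 port 40022 ssh2"),
    (5, "Accepted publickey for bob from 192.0.2.10 port 50000 ssh2"),
    (9, "Failed password for root from 203.0.113.7 port 51300 ssh2"),
    (4000, "Failed password for root from 203.0.113.7 port 51999 ssh2"),
]

if __name__ == "__main__":
    for host, delay in delays_from_log(SAMPLE):
        print(f"{host}: delay {delay:.0f}s")
```

The delay doubles per failure from the same address, is capped, and resets after a quiet period or a successful login, so a source that keeps retrying is slowed rather than simply rejected.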



