RE: Deliberately create slow SSH response?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes, but if the attacker is coming from one point and takes 30 seconds for each attempt, versus 0.03 seconds...

Stephen J. Fromm, PhD
Contractor, NIMH/MAP
(301) 451-9265
 
 

-----Original Message-----
From: Sergio Castro [mailto:sergio.castro@xxxxxxxxxx] 
Sent: Wednesday, July 09, 2008 1:15 PM
To: 'Zembower, Kevin'; secureshell@xxxxxxxxxxxxxxxxx
Subject: RE: Deliberately create slow SSH response?

The brute force attacks are most likely automated, so if your objective is
to bore a human to death with 30 second delays, it wont' work.

Have you thought about limiting access to the service to only certain IPs?

- Sergio 

-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
nombre de Zembower, Kevin
Enviado el: Miércoles, 09 de Julio de 2008 11:56 a.m.
Para: secureshell@xxxxxxxxxxxxxxxxx
Asunto: Deliberately create slow SSH response?

This might seem like a strange question to ask, but is there a way to
deliberately create a slow response to an SSH request? I'm annoyed at the
large number of distributed SSH brute-force attacks on a server I
administer, trying to guess the password for 'root' and other accounts.
I think that my server is pretty secure; doesn't allow root to log in
through SSH, only a restricted number of accounts are allowed SSH access,
with I think pretty good passwords. But still, the attempts annoy me.

I wouldn't mind if SSH took say 30 seconds to ask me for my password.
This would slow the attempts. Is there any way to configure OpenSSH to do
this? I searched the archives of this group with 'slow' and 'delay'
but didn't come up with anything on this topic. Please point it out to me if
I overlooked anything. In addition, I can limit the number of SSH
connections to 3-5 and still operate okay. 

Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under RHEL
ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.

Thanks in advance for your advice and suggestions.

-Kevin

Kevin Zembower
Internet Services Group manager
Center for Communication Programs
Bloomberg School of Public Health
Johns Hopkins University
111 Market Place, Suite 310
Baltimore, Maryland  21202
410-659-6139 


__________ NOD32 3255 (20080709) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com




[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux