Re: Deliberately create slow SSH response?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Kevin,

I used the iptables recent module to help stop ssh brute force attacks

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set 
--name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 
--hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 
--hitcount 4 --rttl --name SSH -j DROP

You can also include an ssh whitelist for servers you know are okay. This 
method does have some caveats, but I found it very effective.

If you Google "ssh brute force" you'll find a tonne of solutions to this 
problem.

Regards,

David




"Zembower, Kevin" <kzembowe@xxxxxxxxxx> 
Sent by: listbounce@xxxxxxxxxxxxxxxxx
10/07/2008 12:55 AM

To
<secureshell@xxxxxxxxxxxxxxxxx>
cc

Subject
Deliberately create slow SSH response?






This might seem like a strange question to ask, but is there a way to
deliberately create a slow response to an SSH request? I'm annoyed at
the large number of distributed SSH brute-force attacks on a server I
administer, trying to guess the password for 'root' and other accounts.
I think that my server is pretty secure; doesn't allow root to log in
through SSH, only a restricted number of accounts are allowed SSH
access, with I think pretty good passwords. But still, the attempts
annoy me.

I wouldn't mind if SSH took say 30 seconds to ask me for my password.
This would slow the attempts. Is there any way to configure OpenSSH to
do this? I searched the archives of this group with 'slow' and 'delay'
but didn't come up with anything on this topic. Please point it out to
me if I overlooked anything. In addition, I can limit the number of SSH
connections to 3-5 and still operate okay. 

Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.

Thanks in advance for your advice and suggestions.

-Kevin

Kevin Zembower
Internet Services Group manager
Center for Communication Programs
Bloomberg School of Public Health
Johns Hopkins University
111 Market Place, Suite 310
Baltimore, Maryland  21202
410-659-6139 




[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux