Hi Kevin, I used the iptables recent module to help stop ssh brute force attacks iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force " iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP You can also include an ssh whitelist for servers you know are okay. This method does have some caveats, but I found it very effective. If you Google "ssh brute force" you'll find a tonne of solutions to this problem. Regards, David "Zembower, Kevin" <kzembowe@xxxxxxxxxx> Sent by: listbounce@xxxxxxxxxxxxxxxxx 10/07/2008 12:55 AM To <secureshell@xxxxxxxxxxxxxxxxx> cc Subject Deliberately create slow SSH response? This might seem like a strange question to ask, but is there a way to deliberately create a slow response to an SSH request? I'm annoyed at the large number of distributed SSH brute-force attacks on a server I administer, trying to guess the password for 'root' and other accounts. I think that my server is pretty secure; doesn't allow root to log in through SSH, only a restricted number of accounts are allowed SSH access, with I think pretty good passwords. But still, the attempts annoy me. I wouldn't mind if SSH took say 30 seconds to ask me for my password. This would slow the attempts. Is there any way to configure OpenSSH to do this? I searched the archives of this group with 'slow' and 'delay' but didn't come up with anything on this topic. Please point it out to me if I overlooked anything. In addition, I can limit the number of SSH connections to 3-5 and still operate okay. Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6. Thanks in advance for your advice and suggestions. -Kevin Kevin Zembower Internet Services Group manager Center for Communication Programs Bloomberg School of Public Health Johns Hopkins University 111 Market Place, Suite 310 Baltimore, Maryland 21202 410-659-6139
