RE: Deliberately create slow SSH response? - openssh

This is a discussion on RE: Deliberately create slow SSH response? - openssh ; Kevin, Check out fail2ban at http://sourceforge.net/projects/fail2ban -- it will scan your logs for invalid access attempts and add iptables firewall rules to block the offending IP addresses after a configurable number of attempts. Richard Wilson EDS richard dot wilson at ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: Deliberately create slow SSH response?

  1. RE: Deliberately create slow SSH response?

    Kevin,

    Check out fail2ban at http://sourceforge.net/projects/fail2ban -- it
    will scan your logs for invalid access attempts and add iptables
    firewall rules to block the offending IP addresses after a configurable
    number of attempts.

    Richard Wilson
    EDS
    richard dot wilson at eds dot com

    -----Original Message-----
    From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
    On Behalf Of Zembower, Kevin
    Sent: Wednesday, July 09, 2008 12:56 PM
    To: secureshell@securityfocus.com
    Subject: Deliberately create slow SSH response?

    This might seem like a strange question to ask, but is there a way to
    deliberately create a slow response to an SSH request? I'm annoyed at
    the large number of distributed SSH brute-force attacks on a server I
    administer, trying to guess the password for 'root' and other accounts.
    I think that my server is pretty secure; doesn't allow root to log in
    through SSH, only a restricted number of accounts are allowed SSH
    access, with I think pretty good passwords. But still, the attempts
    annoy me.

    I wouldn't mind if SSH took say 30 seconds to ask me for my password.
    This would slow the attempts. Is there any way to configure OpenSSH to
    do this? I searched the archives of this group with 'slow' and 'delay'
    but didn't come up with anything on this topic. Please point it out to
    me if I overlooked anything. In addition, I can limit the number of SSH
    connections to 3-5 and still operate okay.

    Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
    RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.

    Thanks in advance for your advice and suggestions.

    -Kevin

    Kevin Zembower
    Internet Services Group manager
    Center for Communication Programs
    Bloomberg School of Public Health
    Johns Hopkins University
    111 Market Place, Suite 310
    Baltimore, Maryland 21202
    410-659-6139


  2. RE: Deliberately create slow SSH response?

    Thought of moving to a different port? Granted, if they
    port-sweep your IP, they might find where you've moved off to, but it
    will cut WAY down on the hits (especially if you pick something from
    the well-known list that is normally innocuous, like, oh, port 1, 70,
    179, etc.), and it's a one-line change to your sshd_config (well, that
    and training yourself to ssh onto the other port... '-p' or '-P'
    options depending on what you're trying to do).

    -Michael

    |> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
    |> On Behalf Of Zembower, Kevin
    |> Sent: Wednesday, July 09, 2008 12:56 PM
    |> To: secureshell@securityfocus.com
    |> Subject: Deliberately create slow SSH response?
    |>
    |> This might seem like a strange question to ask, but is there a way to
    |> deliberately create a slow response to an SSH request? I'm annoyed at
    |> the large number of distributed SSH brute-force attacks on a server I
    |> administer, trying to guess the password for 'root' and other accounts.
    |> I think that my server is pretty secure; doesn't allow root to log in
    |> through SSH, only a restricted number of accounts are allowed SSH
    |> access, with I think pretty good passwords. But still, the attempts
    |> annoy me.
    |>
    |> I wouldn't mind if SSH took say 30 seconds to ask me for my password.
    |> This would slow the attempts. Is there any way to configure OpenSSH to
    |> do this? I searched the archives of this group with 'slow' and 'delay'
    |> but didn't come up with anything on this topic. Please point it out to
    |> me if I overlooked anything. In addition, I can limit the number of SSH
    |> connections to 3-5 and still operate okay.
    |>
    |> Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
    |> RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
    |>
    |> Thanks in advance for your advice and suggestions.
    |>
    |> -Kevin
    |>
    |> Kevin Zembower
    |> Internet Services Group manager
    |> Center for Communication Programs
    |> Bloomberg School of Public Health
    |> Johns Hopkins University
    |> 111 Market Place, Suite 310
    |> Baltimore, Maryland 21202
    |> 410-659-6139


+ Reply to Thread