Hi Kevin,

Here are a few solutions that I can think of at the moment;

-Change your sshd port from 22 to something less prone to scans/attacks. i.e. 122, 222, etc...
-Disable password authentication?
-TCP wrappers that spawn a script at every ssh connection and checks for IP and validate if it has been denied a connection before, and put the IP in /etc/hosts.deny if x amount of attempts is reached. You would script something and put it in /etc/hosts.allow in the following format: (your SSH should be compiled with libwrap)
sshd : all : spawn (/path/to/your_script.sh %a)&
- You can also use http://denyhosts.sourceforge.net/ which is a python script that should work fine with the Linux distros that you list.

Hope this helps.

-Ed

----- Original Message ----
> From: "Zembower, Kevin"
> To: secureshell@securityfocus.com
> Sent: Wednesday, July 9, 2008 12:55:34 PM
> Subject: Deliberately create slow SSH response?
>
> This might seem like a strange question to ask, but is there a way to
> deliberately create a slow response to an SSH request? I'm annoyed at
> the large number of distributed SSH brute-force attacks on a server I
> administer, trying to guess the password for 'root' and other accounts.
> I think that my server is pretty secure; doesn't allow root to log in
> through SSH, only a restricted number of accounts are allowed SSH
> access, with I think pretty good passwords. But still, the attempts
> annoy me.
>
> I wouldn't mind if SSH took say 30 seconds to ask me for my password.
> This would slow the attempts. Is there any way to configure OpenSSH to
> do this? I searched the archives of this group with 'slow' and 'delay'
> but didn't come up with anything on this topic. Please point it out to
> me if I overlooked anything. In addition, I can limit the number of SSH
> connections to 3-5 and still operate okay.
>
> Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
> RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
>
> Thanks in advance for your advice and suggestions.
>
> -Kevin
>
> Kevin Zembower
> Internet Services Group manager
> Center for Communication Programs
> Bloomberg School of Public Health
> Johns Hopkins University
> 111 Market Place, Suite 310
> Baltimore, Maryland 21202
> 410-659-6139




__________________________________________________ ________________
Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at
http://ca.toolbar.yahoo.com.