Re: Deliberately create slow SSH response? - openssh



Thread: Re: Deliberately create slow SSH response?

  1. Re: Deliberately create slow SSH response?

    I have a similar interest. What would be even better is if a wrong
    login and/or password could trigger a delay for just the offending IP
    address. Then, after the expiration of some configurable timer setting,
    sshd would go back to zero-delay login for that IP address.

    On Wed, 2008-07-09 at 16:55 +0000, Zembower, Kevin wrote:
    > This might seem like a strange question to ask, but is there a way to
    > deliberately create a slow response to an SSH request? I'm annoyed at
    > the large number of distributed SSH brute-force attacks on a server I
    > administer, trying to guess the password for 'root' and other accounts.
    > I think that my server is pretty secure; doesn't allow root to log in
    > through SSH, only a restricted number of accounts are allowed SSH
    > access, with I think pretty good passwords. But still, the attempts
    > annoy me.
    >
    > I wouldn't mind if SSH took say 30 seconds to ask me for my password.
    > This would slow the attempts. Is there any way to configure OpenSSH to
    > do this? I searched the archives of this group with 'slow' and 'delay'
    > but didn't come up with anything on this topic. Please point it out to
    > me if I overlooked anything. In addition, I can limit the number of SSH
    > connections to 3-5 and still operate okay.
    >
    > Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
    > RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
    >
    > Thanks in advance for your advice and suggestions.
    >
    > -Kevin
    >
    > Kevin Zembower
    > Internet Services Group manager
    > Center for Communication Programs
    > Bloomberg School of Public Health
    > Johns Hopkins University
    > 111 Market Place, Suite 310
    > Baltimore, Maryland 21202
    > 410-659-6139
    >



  2. Re: Deliberately create slow SSH response?

    While it's probably not an option for most people, the pf firewall in OpenBSD
    (and ported to FreeBSD) has settings that basically say after X login
    attempts over some time period Y for a given IP address, block further
    attempts for time period Z. It's highly configurable.

    --
    Jeff Simmons jsimmons@goblin.punk.net
    Simmons Consulting - Network Engineering, Administration, Security
    "You guys, I don't hear any noise. Are you sure you're doing it right?"
    -- My Life With The Thrill Kill Kult


  3. Re: Deliberately create slow SSH response?

    On Thu, Jul 10, 2008 at 12:08:26PM -0700, Jeff Simmons wrote:
    > While it's probably not an option for most people, the pf firewall in OpenBSD
    > (and ported to FreeBSD) has settings that basically say after X login
    > attempts over some time period Y for a given IP address, block further
    > attempts for time period Z. It's highly configurable.


    That's not built into PF itself. What PF can do, though, is create a
    "table". Rules can be constructed so that every IP address in the table
    is blocked (or allowed, etc.). And then IP addresses can be added to
    the table on the fly, either by something that parses sshd logs, or by
    a hook inserted into sshd itself.
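    The mechanism described in the reply above (something that parses sshd
    logs and adds addresses to a pf table) is also the natural way to get the
    per-IP, time-limited penalty the first reply wished for. The script below
    is an added illustration, not code from this thread or from OpenSSH or pf:
    it matches the "Failed password" lines OpenSSH writes via syslog, counts
    failures per source address inside a sliding window, and emits the
    pfctl(8) commands that would add an offender to a table and remove it
    again once its block time has passed. The log lines, the table name
    `bruteforce`, the thresholds and the year used to complete the syslog
    timestamps are all assumptions made for the example; the script prints
    the commands rather than running them, so it can be inspected before
    being piped to a shell on a host that actually runs pf.

```python
"""Turn sshd "Failed password" log lines into pfctl table updates.

Assumed pf.conf fragment (the table name is an assumption for this example):

    table <bruteforce> persist
    block in quick on $ext_if from <bruteforce>
    pass in on $ext_if proto tcp to port 22 keep state

Log lines are assumed to arrive in chronological order, as they do when
tailing a syslog file.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH's syslog line for a bad password, for both known and unknown users.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+ ssh2$"
)


def parse_failed(line, year=2008):
    """Return (timestamp, source_ip) for a failed-password line, else None.

    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


class FailureTracker:
    """Sliding-window failure counter with a time-limited block per address."""

    def __init__(self, threshold=3, window_seconds=600,
                 block_seconds=3600, table="bruteforce"):
        self.threshold = threshold
        self.window = window_seconds
        self.block = block_seconds
        self.table = table
        self.failures = defaultdict(deque)   # ip -> recent failure timestamps
        self.blocked = {}                    # ip -> when its block expires

    def record(self, ts, ip):
        """Record one failure at time ts from ip; return pfctl commands to run."""
        cmds = []
        # Expire blocks whose penalty window has passed (the "go back to
        # zero-delay" behaviour): one delete command per released address.
        for b_ip, expiry in list(self.blocked.items()):
            if ts >= expiry:
                del self.blocked[b_ip]
                cmds.append(f"pfctl -t {self.table} -T delete {b_ip}")
        # Keep only failures inside the window for this address.
        q = self.failures[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > self.window:
            q.popleft()
        if len(q) >= self.threshold and ip not in self.blocked:
            self.blocked[ip] = ts + timedelta(seconds=self.block)
            cmds.append(f"pfctl -t {self.table} -T add {ip}")
        return cmds


def process_log(lines, **tracker_kwargs):
    """Feed log lines through a tracker; return the full list of commands."""
    tracker = FailureTracker(**tracker_kwargs)
    cmds = []
    for line in lines:
        parsed = parse_failed(line)
        if parsed is not None:
            cmds.extend(tracker.record(*parsed))
    return cmds


# Constructed sample log: one address fails three times in two seconds,
# a legitimate user fumbles once, the attacker returns after the block has
# lapsed, and an unrelated failure later triggers the expiry.
SAMPLE_LOG = """\
Jul  9 16:55:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jul  9 16:55:02 host sshd[2103]: Failed password for root from 203.0.113.5 port 40123 ssh2
Jul  9 16:55:03 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40124 ssh2
Jul  9 16:55:10 host sshd[2107]: Accepted publickey for kevin from 198.51.100.7 port 51000 ssh2
Jul  9 16:55:12 host sshd[2109]: Failed password for kevin from 198.51.100.7 port 51001 ssh2
Jul  9 17:30:00 host sshd[2201]: Failed password for root from 203.0.113.5 port 40200 ssh2
Jul  9 18:00:00 host sshd[2301]: Failed password for root from 192.0.2.9 port 40300 ssh2
""".splitlines()


def demo():
    """Run the sample through the tracker: three strikes in ten minutes,
    blocked for an hour."""
    return process_log(SAMPLE_LOG, threshold=3, window_seconds=600,
                       block_seconds=3600)


if __name__ == "__main__":
    for cmd in demo():
        print(cmd)
```

    In real use the script would read `tail -F` output and its printed
    commands would be piped to `sh`; a single stray failure (the `kevin`
    line) never reaches the threshold, while the attacker's return an hour
    later lands on an already-cleared table and starts a fresh count. For
    pure connection-rate limiting (as opposed to counting login failures) pf
    can also populate such a table by itself with `max-src-conn-rate` and
    `overload <table>` on the pass rule, which needs no log parsing at all.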

