Re: Deliberately create slow SSH response?



I have a similar interest. What would be even better is if a wrong
login and/or password could trigger a delay for just the offending IP
address. Then after the expiration of some configurable timer setting
sshd would go back to zero-delay-login for that IP address.

On Wed, 2008-07-09 at 16:55 +0000, Zembower, Kevin wrote:
This might seem like a strange question to ask, but is there a way to
deliberately create a slow response to an SSH request? I'm annoyed at
the large number of distributed SSH brute-force attacks on a server I
administer, trying to guess the password for 'root' and other accounts.
I think that my server is pretty secure; doesn't allow root to log in
through SSH, only a restricted number of accounts are allowed SSH
access, with I think pretty good passwords. But still, the attempts
annoy me.

I wouldn't mind if SSH took say 30 seconds to ask me for my password.
This would slow the attempts. Is there any way to configure OpenSSH to
do this? I searched the archives of this group with 'slow' and 'delay'
but didn't come up with anything on this topic. Please point it out to
me if I overlooked anything. In addition, I can limit the number of SSH
connections to 3-5 and still operate okay.

Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.

Thanks in advance for your advice and suggestions.

-Kevin

Kevin Zembower
Internet Services Group manager
Center for Communication Programs
Bloomberg School of Public Health
Johns Hopkins University
111 Market Place, Suite 310
Baltimore, Maryland 21202
410-659-6139
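
The per-IP delay with an expiry timer that the reply asks for, sketched as an added example; it is not code from this thread and not an OpenSSH feature. The class name, the 30-second delay, the 600-second expiry, and the sample log lines are assumptions made for illustration, and the code only does the bookkeeping: applying the delay is left to whatever component handles the connection.

```python
import re
from datetime import datetime, timedelta

# sshd syslog line for a rejected password; "invalid user" marks unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation addresses, hypothetical host and users).
SAMPLE_LOG = """\
Jul  9 16:55:01 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jul  9 16:55:03 web1 sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Jul  9 16:55:09 web1 sshd[2107]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
"""


class PenaltyTable:
    """Per-IP login delay that lapses once `expiry` seconds pass without a failure."""

    def __init__(self, delay=30, expiry=600, year=2008):
        self.delay = delay                      # seconds to stall an offending IP
        self.expiry = timedelta(seconds=expiry)
        self.year = year                        # syslog timestamps carry no year
        self.last_failure = {}                  # ip -> time of most recent failure

    def feed(self, line):
        """Record a failed-password line; return the offending IP or None."""
        m = FAILED.match(line)
        if not m:
            return None
        when = datetime.strptime(f"{self.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        self.last_failure[m["ip"]] = when
        return m["ip"]

    def delay_for(self, ip, now):
        """Seconds to delay a new connection from `ip` arriving at time `now`."""
        last = self.last_failure.get(ip)
        if last is None:
            return 0
        if now - last >= self.expiry:
            del self.last_failure[ip]           # timer expired: back to zero delay
            return 0
        return self.delay
```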



