RE: Deliberately create slow SSH response?



Thought of moving to a different port? Granted, if they
port-sweep your IP, they might find where you've moved off to, but it
will cut WAY down on the hits (especially if you pick something from
the well-known list that is normally innocuous, like, oh, port 1, 70,
179, etc.), and it's a one-line change to your sshd_config (well, that
and training yourself to ssh onto the other port... '-p' or '-P'
options depending on what you're trying to do).

-Michael

|> From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
|> On Behalf Of Zembower, Kevin
|> Sent: Wednesday, July 09, 2008 12:56 PM
|> To: secureshell@xxxxxxxxxxxxxxxxx
|> Subject: Deliberately create slow SSH response?
|>
|> This might seem like a strange question to ask, but is there a way to
|> deliberately create a slow response to an SSH request? I'm annoyed at
|> the large number of distributed SSH brute-force attacks on a server I
|> administer, trying to guess the password for 'root' and other accounts.
|> I think that my server is pretty secure; doesn't allow root to log in
|> through SSH, only a restricted number of accounts are allowed SSH
|> access, with I think pretty good passwords. But still, the attempts
|> annoy me.
|>
|> I wouldn't mind if SSH took say 30 seconds to ask me for my password.
|> This would slow the attempts. Is there any way to configure OpenSSH to
|> do this? I searched the archives of this group with 'slow' and 'delay'
|> but didn't come up with anything on this topic. Please point it out to
|> me if I overlooked anything. In addition, I can limit the number of SSH
|> connections to 3-5 and still operate okay.
|>
|> Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under
|> RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
|>
|> Thanks in advance for your advice and suggestions.
|>
|> -Kevin
|>
|> Kevin Zembower
|> Internet Services Group manager
|> Center for Communication Programs
|> Bloomberg School of Public Health
|> Johns Hopkins University
|> 111 Market Place, Suite 310
|> Baltimore, Maryland 21202
|> 410-659-6139
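The one-line sshd_config change suggested in the reply, as an added example that is not part of the original thread: a shell helper that rewrites the `Port` directive in a config file. It goes beyond the reply by handling the commented-out default, duplicate `Port` lines and `Match` blocks; the function names `set_sshd_port` and `sshd_ports` are hypothetical.

```shell
#!/bin/sh
# Added example; set_sshd_port and sshd_ports are hypothetical helper names.

# set_sshd_port FILE PORT: make PORT the only port sshd listens on.
set_sshd_port() {
    cfg=$1
    port=$2
    # Accept only a decimal integer in 1..65535.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ -f "$cfg" ] || return 1
    tmp=$(mktemp) || return 1
    # sshd listens on every active Port line, so a leftover "Port 22" would
    # keep the old port open. Rewrite the first Port line (active, or the
    # commented default "#Port 22"), drop later active ones, and if there is
    # none, add the directive before any Match block or at end of file.
    awk -v p="$port" '
        { l = tolower($0) }             # keywords are case-insensitive
        l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1; next }
            if (l !~ /^[ \t]*#/) next   # extra active Port line: remove
        }
        l ~ /^[ \t]*match[ \t]/ && !done { print "Port " p; done = 1 }
        { print }
        END { if (!done) print "Port " p }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# sshd_ports FILE: print the active ports, or the default 22 if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Demo on a constructed config, not a real server's file.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'Protocol 2' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 179 && sshd_ports "$demo"
rm -f "$demo"
```

Check the edited file with `sshd -t -f FILE` before restarting the daemon, and keep an existing session open until a new login on the new port works. Clients then connect with `ssh -p 179 host` or `scp -P 179 file host:`.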


