Re: SSH Failed password delay

From: Walter Mautner (mynews.20.eatallspam_at_spamgourmet.com)
Date: 10/14/04 

Date: Thu, 14 Oct 2004 21:07:41 +0200

Frank de Bot wrote:

> Hi,
>
> Occasionaly I see failed password for ssh in the syslog. This somewhat
> bothers me, because some of my users are using weak passwords (And
> refuse to use good ones :-/) I've looked for methods to firewall those
> who try to login and fail to for xx times. The only usable solution this

Well, lusers who fail to remember their password or who didn't write it on a
post-it at the bottom of their keyboard, are better then these who never
complain because of the post-it or a password as simple as the name of
their cat/dog.

> way was to analyze the auth log and firewall the IP's, but when this is
> done hackers had all the time to break in. Another solution I had in my
> mind, was to have a 1 second delay before ssh accepts a password to
> receive or take a second orso to "verify" the password. Brute force
> cracking a password (even a weak one) would take pretty long (long
> enough to apply the firewall method) I've search in man pages of sshd
> and in PAM to put in such a delay, but couldn't find anything.
> Can it be done to give password authentication a delay?
>
If you use xinetd, there is the "cps" setting (connections per second, with
delay time in between) that comes to my mind.
To block crack attacks, use a xinetd "sensor" service at the usual ssh port
instead, with a considerably large deny_time, and tell your regular users
which (different) port to use. 

-- 
Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse 
detected penguin patterns on mousepad. Partition scan in progress
 to remove offending incompatible products.  Reactivate your MS software. 
Linux woodpecker.homnet.at 2.6.8reiser4pkt [LinuxCounter#295241]

Relevant Pages

  • RE: ssh delays 40 seconds
    ... I had this problem in the past, and it was due to DNS problems where my ... Subject: ssh delays 40 seconds ... The delay is probably about 30 seconds. ... > To unsubscribe, send any mail to ...
    (freebsd-questions)
  • [SLE] Slow SSH login
    ... A> ssh B ... second delay no matter the authentication mechanism ... debug1: Authentication succeeded. ...
    (SuSE)
  • Re: ssh login delays
    ... > Subject: ssh login delays ... > idea where to begin looking for the cause of the delay. ... If I recall correctly the ssh ... If $DISPLAY is a "localhost:11.0" something address there is an SSH tunnel... ...
    (Fedora)
  • SSH Failed password delay
    ... Occasionaly I see failed password for ssh in the syslog. ... because some of my users are using weak passwords (And ... way was to analyze the auth log and firewall the IP's, ... and in PAM to put in such a delay, ...
    (comp.os.linux.security)
  • Re: Restarting init without rebooting
    ... The default in the new installs is not to run inetd on startup. ... A word of advice that I found on a Linux system that uses ... did NOT run it from xinetd. ... I was able to ssh into the system and found xinetd wasn't running. ...
    (comp.unix.bsd.freebsd.misc)