Re: Delay between failed login attempts? (OpenSSH)

From: René Berber <rberber@xxxxxxxxxxxxxxx>
Date: Wed, 19 Sep 2007 15:47:46 -0700

On Sep 18, 6:12 am, Suk wrote:

Im using OpenSSH on Suse 10.2

I get hackers trying to ssh into my server all the time and /var/log/
messages fills up with various messages like below

Sep 18 01:58:06 linux sshd[28115]: Invalid user guest from
222.83.228.151

[...

Obviously these people are using some kind of brute force password
guessing program to attempt to gain access to my system.

Can I increase the delay between failed login attempts? Say after a
certain number of failed logins the ssh server doesnt accept new
connections for a few seconds?

Options like these help (in /etc/sshd_config):

MaxAuthTries 4
MaxStartups 1:3:6

I want these types of programs to frustratingly long to use for the
hackers trying to gain acess..

Any ideas?

Block them, you only need ssh built with tcp_wrappers support and one
of:

- DenyHosts
- Fail2ban
- probably others

that monitor a log file (authlog, messages, syslog,...) and block the
IP after a given number of failed tries. Of course you can white list
your own LAN or known external hosts.
--
René Berber

.

References:
- Delay between failed login attempts? (OpenSSH)
  - From: Suk

Prev by Date: Re: private key with no passphrase detection
Next by Date: Re: private key with no passphrase detection
Previous by thread: Delay between failed login attempts? (OpenSSH)
Next by thread: Re: Delay between failed login attempts? (OpenSSH)
Index(es):
- Date
- Thread

Relevant Pages

Delay between failed login attempts? (OpenSSH)
... I get hackers trying to ssh into my server all the time and /var/log/ ... Can I increase the delay between failed login attempts? ...
(comp.security.ssh)
Block access for ips
... I have many failed login attempts on my server. ... Please note that i want to block ips on fail login for all services, ftp, ssh, telnet, mail, etc. ...
(Fedora)
Re: Apache Software Foundation Server compromised, resecured. (fwd)
... this was one "result" of the comromised ssh binary at sourceforge. ... a public server of the Apache Software Foundation ... > (ASF) was illegally accessed by unknown crackers. ... > exhaustive audit of all Apache source code and binary distributions ...
(FreeBSD-Security)
Re: FreeBSD Crash without Errors, Warnings, or Panics
... I suppose I could run on stable until the driver is fixed in a release branch, but I need this box up and online, and I've always read that the stable branch is not the place for production servers. ... I'm running 6.0-RELEASE-p5 on a Toshiba built server: dual Xeon Intel motherboard with a LSILogic MegaRAID controller. ... Also, some network ports still respond, like a telnet to port 22 to test SSH will yield an SSH banner, but trying to connect with SSH just hangs. ... The box runs a web-based app and connects to a local Postgres DB which seemed to be unable to start new connections being requested by the PHP scripts. ...
(freebsd-hackers)
Re: restrict ssh access
... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
(comp.security.ssh)