linux ssh security defaults



To prevent brute force attacks, I think that Linux SSH etc. services
should default, for example, to allow at first 30 logins within 10
minutes or so, and then if that is exceeded, allow only 1 per minute for
the next hour or so.

Don't know if this is the right place to complain, but I don't think
the current defaults are good enough as they are!!! Only 6.5536 * 10^12
variations in any good 8-character-long password made out of only
lowercase letters and numbers. It's absolutely possible to crack that
with just brute force.
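The throttle proposed in the post above, sketched as an added example that is not part of the original post and is not how any SSH server implements rate limiting. The class name, the per-source keying, the sliding window and the one-attempt-per-second client in `simulate` are assumptions; the 30 / 10 minutes / 1 per minute / 1 hour figures are the post's.

```python
from collections import deque


class LoginThrottle:
    """Two-phase login throttle keyed by source address (hypothetical helper)."""

    def __init__(self, burst=30, window=600, penalty_interval=60,
                 penalty_duration=3600):
        self.burst = burst                        # attempts allowed per window
        self.window = window                      # window length in seconds
        self.penalty_interval = penalty_interval  # spacing while penalised
        self.penalty_duration = penalty_duration  # how long the penalty lasts
        self.recent = {}         # source -> deque of allowed-attempt times
        self.penalty_until = {}  # source -> time the penalty phase ends
        self.last_allowed = {}   # source -> time of the last allowed attempt

    def allow(self, source, now):
        """Return True if an attempt from `source` at time `now` may proceed."""
        recent = self.recent.setdefault(source, deque())
        # Assumption: sliding window, so forget attempts older than the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if now < self.penalty_until.get(source, 0):
            # Penalty phase: one attempt per penalty_interval.
            if now - self.last_allowed[source] < self.penalty_interval:
                return False
        elif len(recent) >= self.burst:
            # Limit exceeded: refuse this attempt and start the penalty phase.
            self.penalty_until[source] = now + self.penalty_duration
            return False
        recent.append(now)
        self.last_allowed[source] = now
        return True


def simulate(throttle, source, seconds, step=1):
    """Count attempts let through when a client retries every `step` seconds."""
    return sum(throttle.allow(source, t) for t in range(0, seconds, step))


if __name__ == "__main__":
    # Constructed scenario: one source retrying once per second for an hour.
    allowed = simulate(LoginThrottle(), "203.0.113.5", 3600)
    print(f"{allowed} of 3600 attempts reached authentication")
```

State is kept per source, so a second address is unaffected by the first one's penalty.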