Login Delay
Cole Tuininga
colet at code-energy.com
Fri Jun 24 10:22:01 EDT 2005
On Fri, 2005-06-24 at 08:46 -0400, Dan Jenkins wrote:
> Andrew W. Gaunt wrote:
>
> > Does anyone on this list know of a way to add a delay to the login
> > prompt when an unauthorized user attempts to access my linux
> > box via ssh (port 22)? I've got this port open on the firewall/router
> > and try to use good passwords and all that.. logwatch reports a
> > number of unsuccessful attempts daily, I just want to make
> > it just that much harder and more painful for the bad guys.
>
> There's a short discussion on the subject here:
> http://www.webservertalk.com/archive91-2004-10-389670.html
>
> As the largest number of SSH attempts in my logs are due to scripted
> probes, you won't make it particularly more painful (unless you
> anthropomorphize your attacker's computers ;-). Depending on the method
> you use, you could even DoS yourself.

I think this misses the OP's original point. I believe what they are
looking for is a way to have the sshd take a couple seconds before
replying on an incorrect password. The effect of which would be that it
takes an automated (or non-automated) script much longer to cycle
through various possible combinations.

It sounds like a reasonably effective method, presuming the attack isn't
multi-threaded/process.

Unfortunately, I don't know the answer as to how to do it off the top of
my head. 8)

--
Cole Tuininga <colet at code-energy.com>
http://www.code-energy.com