Login Delay

Steven W. Orr steveo at syslang.net
Fri Jun 24 11:39:00 EDT 2005


On Friday, Jun 24th 2005 at 10:04 -0400, quoth Cole Tuininga:

=>On Fri, 2005-06-24 at 08:46 -0400, Dan Jenkins wrote:
=>> Andrew W. Gaunt wrote:
=>> 
=>> > Does anyone on this list know of a way to add a delay to the login
=>> > prompt when an unauthorized user attempts to access my linux
=>> > box via ssh (port 22)? I've got this port open on the firewall/router
=>> > and try to use good passwords and all that.. logwatch reports a
=>> > number of unsuccessful attempts daily, I just want to make
=>> > it just that much harder and more painful for the bad guys.
=>> 
=>> There's a short discussion on the subject here:
=>> http://www.webservertalk.com/archive91-2004-10-389670.html
=>> 
=>> As the largest number of SSH attempts in my logs are due to scripted 
=>> probes, you won't make it particularly more painful (unless you 
=>> anthropomorphize your attacker's computers ;-). Depending on the method 
=>> you use, you could even DoS yourself.
=>
=>I think this misses the OP's original point.  I believe what they are
=>looking for is a way to have the sshd take a couple seconds before
=>replying on an incorrect password.  The effect of which would be that it
=>takes an automated (or non-automated) script much longer to cycle
=>through various possible combinations.
=>
=>It sounds like a reasonably effective method, presuming the attack isn't
=>multi-threaded/process.  
=>
=>Unfortunately, I don't know the answer as to how to do it off the top of
=>my head.  8)

I really don't like jumping in without knowing the correct answer, but it 
really sounds to me like This Is A Job For PAM. This is exactly what PAM 
was designed for. Anyone know if PAM has a module that does this? I know 
for sure you can control the duration of the delay after the number of 
failures causes the trigger to go off.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor? Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
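
[Editor's note, not part of the thread: the module the poster is asking about exists in Linux-PAM as pam_faildelay.so, whose delay=N option is given in microseconds and which PAM applies after a failed authentication. The script below is an added example, not code from anyone in this thread. It assumes a Linux-PAM system where pam_faildelay.so is installed and sshd runs with UsePAM yes; the PAM stack it operates on is a constructed sample written to a temporary file, not a real /etc/pam.d/sshd.]

```sh
#!/bin/sh
# Added example: inspect and set a per-failure delay for sshd via pam_faildelay.
# Assumptions: Linux-PAM with pam_faildelay.so, sshd built with PAM support and
# configured with "UsePAM yes". SAMPLE_PAM_SSHD is a constructed stack for the
# demo, not a copy of any real /etc/pam.d/sshd.

# Constructed sshd PAM stack with no explicit failure delay.
SAMPLE_PAM_SSHD='auth       required     pam_env.so
auth       required     pam_unix.so nullok
account    required     pam_unix.so
session    required     pam_unix.so'

# faildelay_us FILE
# Print the delay (microseconds) that pam_faildelay is configured with in
# FILE, or 0 if no auth line loads pam_faildelay.so with an explicit delay=.
faildelay_us() {
    _line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_faildelay\.so' "$1" | head -n 1)
    if [ -z "$_line" ]; then
        echo 0
        return 0
    fi
    case "$_line" in
        *delay=*) echo "${_line##*delay=}" | sed 's/[^0-9].*//' ;;
        *)        echo 0 ;;
    esac
}

# add_faildelay FILE SECONDS
# Prepend an auth line that makes a failed authentication in FILE take at
# least SECONDS seconds. Returns 0 if FILE was changed, 1 if it already had
# a pam_faildelay line (the file is left untouched in that case).
add_faildelay() {
    _file=$1
    _us=$(( $2 * 1000000 ))   # pam_faildelay takes delay= in microseconds
    if grep -qE '^[[:space:]]*auth[[:space:]].*pam_faildelay\.so' "$_file"; then
        return 1
    fi
    # "optional" so a missing module cannot lock everyone out; first in the
    # stack so the delay is requested no matter which later module fails.
    {
        printf 'auth       optional     pam_faildelay.so delay=%s\n' "$_us"
        cat "$_file"
    } > "$_file.tmp" && mv "$_file.tmp" "$_file"
}

# Demo on the constructed sample, written to a temporary file.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_PAM_SSHD" > "$demo"
echo "before: delay=$(faildelay_us "$demo") us"
add_faildelay "$demo" 5
echo "after:  delay=$(faildelay_us "$demo") us"
cat "$demo"
rm -f "$demo"
```

Two caveats worth knowing before relying on this. First, pam_unix already requests a delay of about two seconds on failure unless it is given the nodelay option, so a default stack is not entirely undelayed; pam_faildelay is the way to make that delay explicit and longer. Second, as Dan points out above, a delay only slows down a single connection's guesses; sshd's MaxAuthTries bounds the attempts per connection, but a scanner that opens many connections in parallel is not slowed by either, so a connection-rate limit at the firewall is the complementary control.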
