[CentOS] How to delay failed ssh auth
John R Pierce
pierce at hogranch.com
Fri Nov 28 07:49:43 UTC 2008
Veiko Kukk wrote:
> Hi!
>
> I need to delay failed ssh password authentication as an additional
> measure against brute force ssh attacks. I understand that should be
> accomplished through pam, but googling gave me no example. I have
> CentOS 5.2.
I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your
legit users one chance when they mistype the password), then use the
iptables stuff to rate limit ssh connections from a given source IP,
after a few connection attempts in < 1 minute, blacklist that IP for a
half hour or something.
You don't want to set it TOO sensitive or you'll find yourself unable to
open several shell windows to the same host (something I do frequently
so I can have one for an edit session or running an installer or
something, and another for man or for doing root stuff, or whatever).