[CentOS] How to delay failed ssh auth
John R Pierce
pierce at hogranch.com
Fri Nov 28 07:49:43 UTC 2008
Veiko Kukk wrote:
> I need to delay failed ssh password authentication as an additional
> measure against brute force ssh attacks. I understand, that shoud be
> accomplished through pam, but googling gave me no example. I have
> CentOS 5.2.
I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your
legit users one chance when they mistype the password), then use the
iptables stuff to rate limit ssh connections from a given source IP,
after a few connection attempts in < 1 minute, blacklist that IP for a
half hour or something.
you don't want to set it TOO sensitive or you'll find yourself unable to
open several shell windows to the same host (something I do frequently
so I can have one for an edit session or running an installer or
sommething, and another for man or for doing root stuff, or whatever.
More information about the CentOS