[CentOS] How to delay failed ssh auth

Karanbir Singh mail-lists at karan.org
Fri Nov 28 16:21:29 UTC 2008


Veiko Kukk wrote:
> I need to delay failed ssh password authentication as an additional 
> measure against brute force ssh attacks. I understand, that shoud be 
> accomplished through pam, but googling gave me no example. I have CentOS 
> 5.2.

pam_sheild and pam_delay are both modules you can use for stuff like 
this, although I dont personally like either. If you get thousands of 
hits per hour, pam's internal response time gets slowed down, and its 
not insignificant unless you have exceptionally large machines.

Same thing with log watchers including denyhosts / fail2ban etc, the 
overhead isnt really worth it, at the moment switching ports to 
something else non-standard works well, needs no extra s/w etc.

- KB


More information about the CentOS mailing list