Veiko Kukk wrote:
I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand that should be accomplished through pam, but googling gave me no example. I have CentOS 5.2.
pam_shield and pam_delay are both modules you can use for stuff like this, although I don't personally like either. If you get thousands of hits per hour, pam's internal response time gets slowed down, and it's not insignificant unless you have exceptionally large machines.
Same thing with log watchers including denyhosts / fail2ban etc, the overhead isn't really worth it. At the moment, switching ports to something else non-standard works well, needs no extra s/w etc.
- KB