On Fri, 2006-03-10 at 16:32 -0500, Chris Mauritz wrote:
I'm not really a programmer and I recently came across this hack to insert a short sleep statement into auth-passwd.c within sshd. It seems to quickly confuse automated dictionary attacks. I've moved sshd to higher ports but apparently the cretins are now scanning to look for that and attacking on whatever port sshd shows up on.
Anyway, the link to the hack is here:
http://www.aerospacesoftware.com/ssh-kiddies.html
Just wondering if any of the wizened programmers out there can think of any reason why this would be a bad thing to do.
Cheers,
Other than remembering to put it back in when you upgrade each time?
Probably a better course of action is to use strong passwords or better yet setup keys. Then it does not matter much how long or hard they guess passwords. You just have to ignore the noise in your log files.
You could try port knocking. There are few implementations of that available and should reduce or eliminate the problem.
But IMHO the best thing to do is make sure you use keys or at least good strong passwords, disable root ssh access, limit ssh to specific users. And ignore the noise in the logs.