Veiko Kukk wrote:
Hi!
I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2.
I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your legit users one chance when they mistype the password), then use the iptables stuff to rate limit ssh connections from a given source IP, after a few connection attempts in < 1 minute, blacklist that IP for a half hour or something.
you don't want to set it TOO sensitive or you'll find yourself unable to open several shell windows to the same host (something I do frequently so I can have one for an edit session or running an installer or sommething, and another for man or for doing root stuff, or whatever.