On Fri, 2006-03-10 at 16:32 -0500, Chris Mauritz wrote: > I'm not really a programmer and I recently came across this hack to > insert a short sleep statement into auth-passwd.c within sshd. It seems > to quickly confuse automated dictionary attacks. I've moved sshd to > higher ports but apparently the cretins are now scanning to look for > that and attacking on whatever port sshd shows up on. I dealt with these attacks by only allowing PubkeyAuthentication. # Authentication types PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no ChallengeResponseAuthentication no This requires you to put your public key in .ssh/authorized_keys on remote servers. Make sure it's working before you set "PasswordAuthentication no" or you will lock yourself out. -David