[CentOS] How to delay failed ssh auth

John R Pierce pierce at hogranch.com
Fri Nov 28 07:49:43 UTC 2008

Veiko Kukk wrote:
> Hi!
> I need to delay failed ssh password authentication as an additional 
> measure against brute force ssh attacks. I understand that should be 
> accomplished through pam, but googling gave me no example. I have 
> CentOS 5.2.

I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your 
legit users one chance when they mistype the password), then use the 
iptables stuff to rate limit ssh connections from a given source IP, 
after a few connection attempts in < 1 minute, blacklist that IP for a 
half hour or something.

You don't want to set it TOO sensitive or you'll find yourself unable to 
open several shell windows to the same host (something I do frequently 
so I can have one for an edit session or running an installer or 
something, and another for man or for doing root stuff, or whatever).
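
One way to write the iptables part of the suggestion above, added here as an example and not taken from the original post: it uses the "recent" match with two per-source lists, one counting new connections and one holding the blacklist. The chain names (SSH_LIMIT, SSH_BLOCK), list names (ssh_seen, ssh_block) and the thresholds 4 / 60 s / 1800 s are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Pairs with "MaxAuthTries 2"
# in /etc/ssh/sshd_config as suggested in the message.
# Dry run by default (prints the commands). To apply, run as root with
# IPT=iptables in the environment.
IPT=${IPT:-echo iptables}

# ssh_ratelimit HITS WINDOW_SECONDS BLOCK_SECONDS
# A source making HITS new ssh connections within WINDOW_SECONDS is
# dropped for BLOCK_SECONDS.
ssh_ratelimit() {
    hits=${1:-4} window=${2:-60} block=${3:-1800}

    # The recent match remembers 20 packets per source by default
    # (module parameter ip_pkt_list_tot), so a larger hit count cannot work.
    if [ "$hits" -lt 2 ] || [ "$hits" -gt 20 ]; then
        echo "hits must be between 2 and 20" >&2
        return 1
    fi

    # Blacklist chain: remember the source in ssh_block, then drop.
    $IPT -N SSH_BLOCK
    $IPT -A SSH_BLOCK -m recent --name ssh_block --set -j DROP

    $IPT -N SSH_LIMIT
    # Source still blacklisted: drop. --rcheck does not refresh the
    # timestamp, so the ban ends BLOCK_SECONDS after it was set.
    $IPT -A SSH_LIMIT -m recent --name ssh_block --rcheck --seconds "$block" -j DROP
    # Record this new connection (rule has no target, it only counts).
    $IPT -A SSH_LIMIT -m recent --name ssh_seen --set
    # HITS or more new connections inside the window: blacklist the source.
    $IPT -A SSH_LIMIT -m recent --name ssh_seen --rcheck \
        --seconds "$window" --hitcount "$hits" -j SSH_BLOCK
    $IPT -A SSH_LIMIT -j ACCEPT

    # Only new connections to port 22 are counted; established sessions
    # are expected to be accepted by an earlier ESTABLISHED,RELATED rule.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_LIMIT
}

# With these values the 4th new connection in a minute triggers the ban,
# so three shell windows opened in quick succession still work.
ssh_ratelimit 4 60 1800
```

Raise the hit count if you routinely open more sessions than that to one host within a minute.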
