Veiko Kukk wrote: > Hi! > > I need to delay failed ssh password authentication as an additional > measure against brute force ssh attacks. I understand, that shoud be > accomplished through pam, but googling gave me no example. I have > CentOS 5.2. I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your legit users one chance when they mistype the password), then use the iptables stuff to rate limit ssh connections from a given source IP, after a few connection attempts in < 1 minute, blacklist that IP for a half hour or something. you don't want to set it TOO sensitive or you'll find yourself unable to open several shell windows to the same host (something I do frequently so I can have one for an edit session or running an installer or sommething, and another for man or for doing root stuff, or whatever.