From owner-freebsd-questions@FreeBSD.ORG  Tue May  6 17:31:23 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2433B106564A
	for <freebsd-questions@freebsd.org>;
	Tue,  6 May 2008 17:31:23 +0000 (UTC)
	(envelope-from beech@freebsd.org)
Received: from freebsd.alaskaparadise.com (freebsd.alaskaparadise.com
	[208.79.80.117])
	by mx1.freebsd.org (Postfix) with ESMTP id EA9F88FC1E
	for <freebsd-questions@freebsd.org>;
	Tue,  6 May 2008 17:31:22 +0000 (UTC)
	(envelope-from beech@freebsd.org)
Received: from 137-42-178-69.gci.net (137-42-178-69.gci.net [69.178.42.137])
	by freebsd.alaskaparadise.com (Postfix) with ESMTP id 5823F238380C;
	Tue,  6 May 2008 17:31:22 +0000 (UTC)
From: Beech Rintoul <beech@freebsd.org>
To: freebsd-questions@freebsd.org
Date: Tue, 6 May 2008 09:31:15 -0800
User-Agent: KMail/1.9.7
References: <q7412457qoumm8v8dbth10fug2ctbrlfp0@4ax.com>
In-Reply-To: <q7412457qoumm8v8dbth10fug2ctbrlfp0@4ax.com>
X-Face: jC2w\k*Q1\0DA2Q0Eh&B<LgSCl"Ia}yHjNtfO-rv-8f~/$lBP#.]lp7`}"=?utf-8?q?x5C=3B=5DQ+=23VWyr=0A=09r=60L4ur=26=7Ewh=7Eg=27z+udoy=3Ft?=>rP/Rt2M,^2O#R07VoT98m*>miQF9%Bi9vy`F6cPjwEe?m,)=?utf-8?q?2=0A=09X=3FM=5C=3AOE9QgZ?="xT3/n3,3MJ7N=Cfkmi%f(w^~X"SUxn>;
	27NO;
	C+)g[7J`$G*SN>{<=?utf-8?q?O=3Bg7=7C=0A=09o=7D=265A=5D4?=@7D`=Eb@Zs1Ln814?]|k@'bG=.Ca"[|8+_.OsNAo8!#?4u
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200805060931.18936.beech@freebsd.org>
Cc: Gilles <gilles.ganault@free.fr>
Subject: Re: [SSHd] Increasing wait time?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Beech Rintoul <beech@freebsd.org>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2008 17:31:23 -0000

On Tuesday 06 May 2008, Gilles said:
> Hello
>
> I'm a bit tired of people trying to break into SSH:
>
> May  6 16:59:23 freebsd sshd[24649]: Invalid user agatha from
> 195.43.9.246
> May  6 16:59:26 freebsd sshd[24651]: Invalid user cristie from
> 195.43.9.246
> May  6 16:59:29 freebsd sshd[24653]: Invalid user number from
> 195.43.9.246
> May  6 16:59:31 freebsd sshd[24655]: Invalid user chamber from
> 195.43.9.246
> etc.
>
> Is there a way to configure SSHd, so that the wait time between
> login attempts increases after X failed tries?
>
> Thank you.

Not that I know of. You should look into denyhosts (in the ports) it 
works well and even has a RBL feature to block some of these script 
kiddies proactively. Unfortunately, these attempts have become a fact 
of life. I probably get 20 - 30 attempts a day between my various 
servers.

Beech


-- 
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech@FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \  - http://www.FreeBSD.org/releases/7.0R/announce.html
---------------------------------------------------------------------------------------