Date: Wed, 22 Feb 2006 14:05:31 +0000 (UTC)
From: Volker Stolz <vs@FreeBSD.org>
To: freebsd-stable@freebsd.org
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <dthr3b$o05$1@sea.gmane.org>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com>
 <20051227101621.GA16276@walton.maths.tcd.ie>
 <86irrfoix5.fsf@xps.des.no>
 <43F4E3B0.1090806@asd.aplus.net>
* Atanas <atanas@asd.aplus.net>:
> I really miss the inetd features. A setting like "nowait/100/20/5"
> (/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]])
> would effectively bounce the bad guys, but AFAIK (correct me if I'm
> wrong), ssh is no longer supposed to work via inetd and still has no
> such capabilities.

We're successfully running openssh-portable from inetd with:

  ssh stream tcp nowait/0/12 root /usr/local/sbin/sshd sshd -i -f /etc/ssh/sshd_config

  vs@lambda$ grep ssh /var/log/messages
  Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
  Feb 14 02:15:04 lambda inetd[19345]: ssh from 62.81.185.120 exceeded counts/min (limit 12/min)
  Feb 14 16:43:15 lambda inetd[19345]: ssh from 220.130.23.134 exceeded counts/min (limit 12/min)
  ...

I'd also recommend pam_af for locking out brute-forcers:
http://mbsd.msk.ru/pam_af.html

For example we have:

  <host hostname='tin.cn.ee.ccu.edu.tw'>
    <attempts>9</attempts>
    <last_attempt>Mon Nov 7 15:05:50 2005</last_attempt>
    <status>locked</status>
  </host>

  vs@lambda$ sudo pam_af_tool statlist | grep locked | wc -l
  363

Volker
-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
"All the excitement lies in pattern matching." (SPJ et al.)
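A small checker for the two pieces of evidence in the message above, the rate-limit suffix of the inetd.conf wait field ("nowait/0/12", or the "nowait/100/20/5" Atanas asks about) and the "exceeded counts/min" lines inetd logs when a source IP trips that limit. This is an added example for this archive page, not code from the thread or from inetd; the log lines are constructed in the format shown, with documentation-range addresses, and treating a 0 component as "no limit" is an assumption stated in the code.

```python
import re
from collections import Counter
# inetd.conf(5) wait field: wait|nowait[/max-child[/max-conn-per-ip-per-min[/max-child-per-ip]]]
LIMIT_NAMES = ("max_child", "max_conn_per_ip_per_min", "max_child_per_ip")

def parse_wait_field(field):
    """Split the wait/nowait field into its rate-limit components. A missing
    component is None (inetd default); 0 is also treated as 'no limit'
    (assumption: matches the unlimited default described in inetd(8))."""
    parts = field.split("/")
    if parts[0] not in ("wait", "nowait") or len(parts) > 4:
        raise ValueError("bad wait field: %r" % field)
    limits = dict.fromkeys(LIMIT_NAMES)  # all None until set below
    for name, raw in zip(LIMIT_NAMES, parts[1:]):
        limits[name] = int(raw) or None
    limits["wait"] = parts[0] == "wait"
    return limits

def parse_inetd_line(line):
    """Parse one inetd.conf service line; returns None for comments/blank lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    fields = line.split(None, 6)
    if len(fields) < 6:
        raise ValueError("too few fields: %r" % line)
    svc = {"service": fields[0], "proto": fields[2], "user": fields[4], "server": fields[5]}
    svc.update(parse_wait_field(fields[3]))
    return svc
# The sshd entry quoted in the message above.
SAMPLE_CONF = "ssh stream tcp nowait/0/12 root /usr/local/sbin/sshd sshd -i -f /etc/ssh/sshd_config"
# Constructed log lines in the format inetd uses when the per-IP limit trips (documentation-range
# addresses, not the ones from the message); the last line is unrelated sshd noise to be ignored.
SAMPLE_LOG = [
    "Feb 14 02:15:04 lambda inetd[19345]: ssh from 192.0.2.10 exceeded counts/min (limit 12/min)",
    "Feb 14 02:15:04 lambda inetd[19345]: ssh from 192.0.2.10 exceeded counts/min (limit 12/min)",
    "Feb 14 16:43:15 lambda inetd[19345]: ssh from 198.51.100.7 exceeded counts/min (limit 12/min)",
    "Feb 14 16:43:16 lambda sshd[19400]: Accepted publickey for vs from 203.0.113.5 port 51234 ssh2",
]
LOG_RE = re.compile(r"inetd\[\d+\]: (?P<svc>\S+) from (?P<ip>\S+) "
                    r"exceeded counts/min \(limit (?P<limit>\d+)/min\)")

def exceeded_by_ip(log_lines):
    """Count inetd 'exceeded counts/min' events per (service, source IP)."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            counts[(m.group("svc"), m.group("ip"))] += 1
    return counts
```

Feeding the real /var/log/messages through exceeded_by_ip() gives the per-source tally that the grep in the message shows only as raw lines; parse_inetd_line() over the whole inetd.conf flags services whose max_conn_per_ip_per_min is None, i.e. no per-IP limit at all.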