Date: Tue, 6 May 2008 12:39:12 -0500
From: David Kelly
To: Beech Rintoul
Cc: Gilles, freebsd-questions@freebsd.org
Subject: Re: [SSHd] Increasing wait time?
Message-ID: <20080506173912.GB85015@Grumpy.DynDNS.org>
In-Reply-To: <200805060931.18936.beech@freebsd.org>

On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
> >
> > Is there a way to configure SSHd, so that the wait time between
> > login attempts increases after X failed tries?
>
> Not that I know of. You should look into denyhosts (in the ports) it
> works well and even has a RBL feature to block some of these script
> kiddies proactively. Unfortunately, these attempts have become a fact
> of life. I probably get 20 - 30 attempts a day between my various
> servers.

Depending on how you use ssh from external systems you could add firewall rules to disallow all but known sources.

-- 
David Kelly N4HHE, dkelly@HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
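
An added example, not part of the message above: one way to write the "known sources only" rule as a pf.conf fragment. Using pf rather than another FreeBSD firewall is an assumption, and the interface name and addresses (documentation ranges) are placeholders.

```conf
# /etc/pf.conf fragment (constructed example)
ext_if = "em0"    # assumption: name of the external interface

# Known sources allowed to reach sshd (placeholder addresses).
table <ssh_allowed> persist { 192.0.2.10, 198.51.100.0/24 }
# Filled automatically by the overload option below.
table <ssh_abusers> persist

# "quick" stops evaluation here, so overloaded sources stay blocked.
block in quick on $ext_if proto tcp from <ssh_abusers> to any port ssh

# Default for SSH: drop and log everything not matched by the pass rule.
block in log on $ext_if proto tcp from any to any port ssh

# Last matching rule wins: known sources get through. The rate limit
# counts new connections (not failed logins); a source opening more
# than 5 in 60 seconds is moved to <ssh_abusers> and its states flushed.
pass in on $ext_if proto tcp from <ssh_allowed> to any port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_abusers> flush global)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t ssh_allowed -T add <address>` adds a source to the table without a reload.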