Dag-Erling Smørgrav said the following on 02/15/06 23:35:
David Malone <[EMAIL PROTECTED]> writes:
I did once mail des@ to ask him if he'd mind me changing the default
login timeout for sshd to be (say) 5 minutes rather than 1 minute,
but I think he was busy at the time. Judging by the PR mentioned
above it should be at least 2m30s by default. Des, would you mind
this change being made?
No objection, just let me see the patch first.
DES
Just a thought, wouldn't this open a new possibility for denial of
service attacks?
Last year I already had to decrease the LoginGraceTime from 120 to 30
seconds on my production boxes, but it didn't help much, so on top of
that I got to implement (reinvent the wheel again) a script tailing the
auth.log and firewalling bad gyus in order to secure sshd and let my
legitimate users in.
I really miss the inetd features. A setting like "nowait/100/20/5"
(/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]])
would effectively bounce the bad guys, but AFAIK (correct me if I'm
wrong), ssh is no longer supposed to work via inetd and still has no
such capabilities.
I'd be nice to have something like for instance the sendmail's client
and rate connection limits, but I guess this is not the right place to ask.
Regards,
Atanas
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
