[Info-vax] SSH on VAX - performance impact of break in attempts

Richard B. Gilbert rgilbert88 at comcast.net
Wed Aug 25 10:34:16 EDT 2010


urbancamo wrote:
> Good morning,
> 
> I have a VAX running Multinet V5.3 under a hobbyist license which has
> an SSH server running to allow access for selected remote users. I've
> been experiencing a number of break in attempts lately, generally
> lasting for several hours each. Each attempt causes the SSH server to
> utilise 100% CPU for about 20 seconds (on a VAXstation 4000/90) - this
> is having a negative impact for users on overall system performance. I
> am using the SSH2 server.
> 
> I have attempted a number of strategies to reduce this impact:
> 
> 1. I have defined an AllowUsers list so only named users are allowed.
> 2. I have set AuthInteractiveFailureTimeout to 30 so that there is a
> 30 second delay between login attempts from the same host/session.
> 3. I have set RequiredAuthentications to publickey,password so that
> both a password and a valid public key are required.
> 
> Unfortunately none of these strategies reduce the length of 100% CPU
> utilisation for failed login attempts.
> 
> If anyone has any suggestions that would be great.
> 
> Many thanks, Mark.

Have you talked to your ISP about the problem?

The internet is a "wild and woolly" place.  When I check my router's 
log, it shows five to ten connection attempts per minute!

I use a consumer grade router that will not accept incoming traffic 
unless it is in response to an outgoing request.  This won't work for 
you since you want to allow SOME incoming traffic.  I could, if I 
wished, block an incoming address or family of addresses.  That MIGHT 
work for you.

If you have a small number of people that you want to allow and if they 
have static IP addresses, that might be easy to do.
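
Source-address filtering as suggested in the reply above, sketched as an added example (not part of the original thread, and not Multinet or router configuration). The addresses, networks and log format are constructed, using documentation ranges; the 20-second figure is the one reported in the quoted message, and the estimate assumes every dropped connection would otherwise have been one failed login attempt.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not from the thread.
ALLOWED_HOSTS = [ipaddress.ip_network(n)
                 for n in ("198.51.100.7/32", "198.51.100.22/32")]  # users' static IPs
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]  # a "family of addresses"
CPU_SECONDS_PER_ATTEMPT = 20  # per failed attempt, as reported in the quoted message

# Constructed router-style log: timestamp, source address, destination port.
SAMPLE_LOG = """\
2010-08-25T03:10:01 src=203.0.113.45 dport=22
2010-08-25T03:10:31 src=203.0.113.45 dport=22
2010-08-25T03:11:02 src=203.0.113.99 dport=22
2010-08-25T03:12:40 src=192.0.2.200 dport=22
2010-08-25T08:55:12 src=198.51.100.7 dport=22
2010-08-25T09:01:00 src=not-an-address dport=22
"""

def decide(src, allowed=ALLOWED_HOSTS, blocked=BLOCKED_NETS, default_deny=True):
    """Return 'accept' or 'drop' for one source address.

    default_deny=True  -> allowlist: only the static addresses get through.
    default_deny=False -> blocklist only: everything not explicitly blocked gets through.
    """
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    if any(addr in net for net in blocked):
        return "drop"
    if any(addr in net for net in allowed):
        return "accept"
    return "drop" if default_deny else "accept"

def summarize(log_text, default_deny=True):
    """Count verdicts over a log and estimate the CPU time the SSH server is spared."""
    counts = {"accept": 0, "drop": 0, "malformed": 0}
    for line in log_text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            verdict = decide(fields["src"], default_deny=default_deny)
        except (KeyError, ValueError):
            counts["malformed"] += 1  # never guess a verdict for an unparseable line
            continue
        counts[verdict] += 1
    counts["cpu_seconds_avoided"] = counts["drop"] * CPU_SECONDS_PER_ATTEMPT
    return counts

if __name__ == "__main__":
    print("allowlist     :", summarize(SAMPLE_LOG, default_deny=True))
    print("blocklist only:", summarize(SAMPLE_LOG, default_deny=False))
```

In blocklist-only mode the attempt from 192.0.2.200 still reaches the SSH server, which is why the allowlist is the stronger option when every permitted user has a static address.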




