Unrelated IP addresses
Posted Oct 22, 2009 22:05 UTC (Thu) by man_ls
In reply to: Distributed brute force ssh attacks
Parent article: Distributed brute force ssh attacks
Then delay the failures (even from unrelated IP addresses), but not successful logins. And add a max time of, say, 20s. If you enter your password wrong then you suffer a penalization of at most 20 seconds; if you do it right then you enter immediately. This should be enough to make brute force attacks impractical.
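The scheme in this comment, as an added example (not the commenter's code and not from the article): failed logins are delayed according to recent failures from all addresses, capped at 20 s, while successful logins are answered immediately. The doubling schedule, the 60 s window, and the names `GlobalFailureDelay`, `guesses_per_day` and `demo` are assumptions made for illustration.

```python
import time

class GlobalFailureDelay:
    """Delay failed logins based on recent failures from ANY source address."""

    def __init__(self, max_delay=20.0, base=0.5, window=60.0, clock=time.monotonic):
        self.max_delay = max_delay  # cap from the comment: at most 20 s
        self.base = base            # assumed: delay after the first failure
        self.window = window        # assumed: how long a failure keeps counting
        self.clock = clock
        self._failures = []         # timestamps of recent failures, all sources

    def _recent(self):
        cutoff = self.clock() - self.window
        self._failures = [t for t in self._failures if t > cutoff]
        return len(self._failures)

    def delay_for(self, source_ip, success):
        """Seconds the caller should hold the reply before sending it.

        source_ip is accepted but deliberately not used as a key: a distributed
        attack spreads guesses over unrelated addresses, so the count is global.
        """
        if success:
            return 0.0              # correct password: no penalty
        n = self._recent()
        self._failures.append(self.clock())
        # Exponent is clamped so a long attack cannot overflow the float.
        return min(self.max_delay, self.base * 2 ** min(n, 16))


def guesses_per_day(delay, concurrent_slots):
    """Upper bound on failed guesses per day when each failure costs `delay`
    seconds and the server admits `concurrent_slots` unauthenticated sessions."""
    return int(concurrent_slots * 86400 / delay)


def demo():
    now = [0.0]                     # fake clock so the run is deterministic
    throttle = GlobalFailureDelay(clock=lambda: now[0])
    delays = []
    # Constructed input: 8 failures, one per second, each from a different
    # documentation-range address (203.0.113.0/24).
    for i in range(8):
        delays.append(throttle.delay_for(f"203.0.113.{i}", success=False))
        now[0] += 1.0
    legit = throttle.delay_for("198.51.100.7", success=True)
    return delays, legit
```

The delay bounds the guess rate only together with a limit on concurrent unauthenticated sessions, which is what `guesses_per_day` makes explicit.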