Package: ssh Version: 4.2p1-5 Severity: wishlist
My servers are being constantly hit with automatic attempts to break in. I'd like to be able to make it more expensive for attackers to scan lots of username/passwords. A simple way is to add a constant delay, say 2--4 seconds, after a connection is found to be invalid, before sending the `Permission Denied' message. This would also fix bug #314645 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
