Subject: Re: Interesting security discovery.
To: None <tech-security@NetBSD.org>
From: Alex Pelts <alexp@broadcom.com>
List: tech-security
Date: 09/13/2006 16:52:45
That is always a possibility even without adding a delay. There is a
setting in sshd_conf that limits the number of unauthenticated connections.
Using this setting will also make it possible to create a denial of service condition.
Creating a delay will serve as a possible deterrent of automated
password guessing. As I mentioned it is not good on busy interactive ssh
servers, but on game/http/ftp servers where the number of interactive ssh
logins is low, this could be used.
Are there any other problems with this besides denial of service?
Regards,
Alex
Daniel Carosone wrote:
> On Wed, Sep 13, 2006 at 02:38:56PM -0700, Alex Pelts wrote:
>> I was trying to improve on my banhosts utility and while searching for
>> possible features I found this page
>> http://tdot.blog-city.com/securing_ssh_with_denyhosts.htm
>>
>> This solution may not be appropriate for hosts with a high number of ssh
>> users but for http/ftp/game servers it will make password guessing very
>> time consuming.
>
> You're opening yourself to denial of service, if someone opens many
> ssh logins to you in parallel.
>
> --
> Dan.
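The sshd_config setting Alex refers to is MaxStartups. The fragment below is an added example, not part of the thread and not from anyone's banhosts or denyhosts setup. It shows the rate-limited "start:rate:full" form of MaxStartups, which addresses Dan's point: instead of a hard cap that a flood of parallel unauthenticated connections can fill, sshd starts randomly dropping new unauthenticated connections once there are 10, with the drop probability rising linearly from 30% to 100% as the count approaches 100. The numeric values are illustrative choices for a low-traffic server; PerSourceMaxStartups is only available in newer OpenSSH releases (8.5 and later), not in the sshd of 2006.

```conf
# sshd_config fragment (illustrative values, not a recommended baseline)

# Hard cap form: refuses every new unauthenticated connection once 10 are
# pending.  Easy for an attacker to keep full with parallel connections.
#MaxStartups 10

# Random-early-drop form: start dropping at 10 pending connections with
# 30% probability, rising linearly to 100% at 100 pending connections.
# Legitimate users usually get through a flood by retrying.
MaxStartups 10:30:100

# Shorten how long an unauthenticated connection may occupy a slot.
LoginGraceTime 30

# Fewer password attempts per connection makes guessing slower per slot.
MaxAuthTries 3

# Newer OpenSSH only (8.5+): cap pending connections per source address,
# so one flooding host cannot consume the whole MaxStartups budget.
#PerSourceMaxStartups 5
```

Note that a per-host delay or ban, as discussed in the thread, still lets an attacker lock out a legitimate user who shares the banned source address (a NAT gateway, for example); the rate-limiting above degrades service gradually instead of blocking a source outright.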