diff --git a/auth.go b/auth.go
index bb74670..1de0087 100644
--- a/auth.go
+++ b/auth.go
@@ -113,7 +113,7 @@ func (a *Auth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string)
 }
 // CheckPubkey determines if a pubkey fingerprint is permitted.
-func (a *Auth) CheckPubkey(key ssh.PublicKey) error {
+func (a *Auth) CheckPublicKey(key ssh.PublicKey) error {
 authkey := newAuthKey(key)
 whitelisted := a.whitelist.In(authkey)
 if a.AllowAnonymous() || whitelisted {
diff --git a/auth_test.go b/auth_test.go
index 4cbfcea..a561f92 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -28,7 +28,7 @@ func TestAuthWhitelist(t *testing.T) {
 }
 auth := NewAuth()
- err = auth.CheckPubkey(key)
+ err = auth.CheckPublicKey(key)
 if err != nil {
 t.Error("Failed to permit in default state:", err)
 }
@@ -44,7 +44,7 @@ func TestAuthWhitelist(t *testing.T) {
 t.Error("Clone key does not match.")
 }
- err = auth.CheckPubkey(keyClone)
+ err = auth.CheckPublicKey(keyClone)
 if err != nil {
 t.Error("Failed to permit whitelisted:", err)
 }
@@ -54,7 +54,7 @@ func TestAuthWhitelist(t *testing.T) {
 t.Fatal(err)
 }
- err = auth.CheckPubkey(key2)
+ err = auth.CheckPublicKey(key2)
 if err == nil {
 t.Error("Failed to restrict not whitelisted:", err)
 }
diff --git a/sshd/auth.go b/sshd/auth.go
index feab16d..ebcf6c6 100644
--- a/sshd/auth.go
+++ b/sshd/auth.go
@@ -20,7 +20,7 @@ type Auth interface {
 // Given address and public key and client agent string, returns nil if the connection is not banned.
 CheckBans(net.Addr, ssh.PublicKey, string) error
 // Given a public key, returns nil if the connection should be allowed.
- CheckPubkey(ssh.PublicKey) error
+ CheckPublicKey(ssh.PublicKey) error
 // Given a passphrase, returns nil if the connection should be allowed.
 CheckPassphrase(string) error
 // BanAddr bans an IP address for the specified amount of time.
@@ -38,7 +38,7 @@ func MakeAuth(auth Auth) *ssh.ServerConfig {
 if err != nil {
 return nil, err
 }
- err = auth.CheckPubkey(key)
+ err = auth.CheckPublicKey(key)
 if err != nil {
 return nil, err
 }
@@ -65,12 +65,11 @@ func MakeAuth(auth Auth) *ssh.ServerConfig {
 } else {
 err = auth.CheckPassphrase(answers[0])
 if err != nil {
- // TODO: make rate-limiting configurable
- auth.BanAddr(conn.RemoteAddr(), time.Minute * 1)
+ auth.BanAddr(conn.RemoteAddr(), time.Second*2)
 }
 }
 }
- } else if !auth.AllowAnonymous(){
+ } else if !auth.AllowAnonymous() {
 err = errors.New("public key authentication required")
 }
 return nil, err
diff --git a/sshd/client_test.go b/sshd/client_test.go
index cec5f0d..5ac4399 100644
--- a/sshd/client_test.go
+++ b/sshd/client_test.go
@@ -22,7 +22,7 @@ func (a RejectAuth) AcceptPassphrase() bool {
 func (a RejectAuth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string) error {
 return errRejectAuth
 }
-func (a RejectAuth) CheckPubkey(ssh.PublicKey) error {
+func (a RejectAuth) CheckPublicKey(ssh.PublicKey) error {
 return errRejectAuth
 }
 func (a RejectAuth) CheckPassphrase(string) error {
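Review bot: In the `@@ -65,12 +65,11 @@` hunk of sshd/auth.go, the failed-passphrase branch now bans the remote address for `time.Second*2` instead of one minute, which permits roughly thirty times as many passphrase guesses per address in the same period. The commit also removes `// TODO: make rate-limiting configurable` although the duration is still a hard-coded literal, so the open work item is lost without being done. I would name the value and record the trade-off next to it, e.g. `const passphraseFailBan = 2 * time.Second // throttle after a failed passphrase; shorter values speed up online guessing`, and keep the TODO until the setting is configurable. If `BanAddr` returns anything it is discarded on this line; its signature is not visible here, so that should be confirmed. MakeAuth begins and ends outside this hunk.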