On Thursday 08 May 2008 05:50:59 Steve Bertrand wrote:
> >>    ssh stream  tcp  nowait/20/4/10  root  /usr/sbin/sshd  sshd -i
> >>
> >> into /etc/inetd.conf set a limit of
> >>
> >> * 20 overall ssh connections
> >> * 4 connection attempts per minute
> >> * at most 10 connections from a single IP
> >>
> >> This works very well on a personal server, not sure how it scales up.
> >
> > So if I copy over some files via scp, I can lock myself out. Fun stuff ;)
> Come on...
> The comment was based on a 'personal' server for logins.
> How 'bout you explain why SCP would break this so the OP understands...
> Otherwise, explain why running an FTP session through one of the
> server's SSH tunnels wouldn't be equally viable to running an unlimited
> number of SCP sessions over normal TCP ;)

for FILE in */*.[ch]; do scp ${FILE} host:/backup; done
is quicker to write then setup tunnels.

The point is, that there's a difference between failed login attempts and 
incoming connections. sshd logs failed login attempts, so it's easy to 
seperate them (sysutils/grok) and set the rate limit to an acceptable value, 
should one try to hammer the server by simply opening connections.


Problem with today's modular software: they start with the modules
    and never get to the software part.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to