Justin Piszcz wrote:
[about OpenSSH's MaxStartups random early drop]
> I never knew about this, is this documented somewhere?
Try sshd_config(5):
     MaxStartups
             Specifies the maximum number of concurrent unauthenticated
             connections to the sshd daemon.  Additional connections will be
             dropped until authentication succeeds or the LoginGraceTime
             expires for a connection.  The default is 10.

             Alternatively, random early drop can be enabled by specifying the
             three colon separated values "start:rate:full" (e.g.,
             "10:30:60").  sshd will refuse connection attempts with a
             probability of "rate/100" (30%) if there are currently "start" (10)
             unauthenticated connections.  The probability increases linearly
             and all connection attempts are refused if the number of
             unauthenticated connections reaches "full" (60).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
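
The refusal curve described in the quoted sshd_config(5) text, worked through as an added example (not part of the original message and not OpenSSH's own code). The names MaxStartups, parse_max_startups and refusal_probability are made up for this sketch, and treating a single value "N" as "refuse everything once N connections are pending" is this example's reading of the first paragraph.

```python
"""Refusal probability for sshd's MaxStartups, following the sshd_config(5) text."""
from typing import NamedTuple


class MaxStartups(NamedTuple):
    start: int  # random early drop begins at this many unauthenticated connections
    rate: int   # refusal percentage when exactly `start` connections are pending
    full: int   # every new connection attempt is refused at this many


def parse_max_startups(value: str) -> MaxStartups:
    """Parse "N" (plain limit) or "start:rate:full" (random early drop)."""
    try:
        nums = [int(p) for p in value.strip().split(":")]
    except ValueError:
        raise ValueError(f"non-numeric MaxStartups value: {value!r}") from None
    if len(nums) == 1:
        # Assumption: a plain limit refuses nothing below N and everything at N.
        cfg = MaxStartups(nums[0], 100, nums[0])
    elif len(nums) == 3:
        cfg = MaxStartups(*nums)
    else:
        raise ValueError(f"expected N or start:rate:full, got {value!r}")
    if cfg.start < 1 or cfg.full < cfg.start or not 1 <= cfg.rate <= 100:
        raise ValueError(f"inconsistent MaxStartups value: {value!r}")
    return cfg


def refusal_probability(cfg: MaxStartups, unauthenticated: int) -> float:
    """Chance that a new connection is refused with this many already pending."""
    if unauthenticated < cfg.start:
        return 0.0
    if unauthenticated >= cfg.full:  # also covers start == full (no division by zero)
        return 1.0
    base = cfg.rate / 100
    # Linear climb from rate/100 at `start` to 1.0 at `full`.
    return base + (1 - base) * (unauthenticated - cfg.start) / (cfg.full - cfg.start)


if __name__ == "__main__":
    cfg = parse_max_startups("10:30:60")  # the man page's own example value
    for pending in (5, 10, 35, 59, 60):
        pct = refusal_probability(cfg, pending) * 100
        print(f"{pending:3d} unauthenticated -> {pct:5.1f}% refused")
```

With "10:30:60", half-way between start and full (35 pending connections) the refusal probability is already 65%, so legitimate logins begin to fail well before the "full" value is reached.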