A naive interpretation would be that we keep a count of incoming connections we're working on and that as they become "authenticated", the count is decremented and more could possibly be dealt with? We can have an arbitrary number of "authenticated" connections? I assume "authenticated" is after we've exchanged keys and verified that expectations are met?
There's lots of explanations available via Google as to what's in the man page except for what "unauthenticated connections" means. It also seems as if the standard sshd doesn't log rejections because of this. Do we?

Jim

--- Iain MacDonnell wrote:
>
>
> James Litchfield wrote on 06/16/08 03:46 PM:
>> Attempts to connect? Something else?
>
> Ehm, according to sshd_config(4):
>
> "    MaxStartups
>
>          Specifies the maximum number of concurrent unauthenticated
>          connections to the sshd daemon. Additional
>          connections are dropped until authentication succeeds or
>          the LoginGraceTime expires for a connection. The default
>          is 10.
>
>          Alternatively, random early drop can be enabled by
>          specifying the three colon-separated values
>          start:rate:full (for example, 10:30:60). Referring to
>          this example, sshd refuse connection attempts with a
>          probability of rate/100 (30% in our example) if there
>          are currently 10 (from the start field) unauthenticated
>          connections. The probability increases linearly and all
>          connection attempts are refused if the number of
>          unauthenticated connections reaches full (60 in our
>          example)."
>
> ~Iain
>
>
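The start:rate:full rule quoted from sshd_config(4) above, worked through in C as an added example; it is not part of the original thread and is not sshd's own code. The names `parse_max_startups` and `refuse_percent` are hypothetical, integer rounding is an assumption, and a single-number value is assumed to act as a hard limit at that count.

```c
#include <stdio.h>

/* Parsed MaxStartups value (field names follow the man page text). */
struct max_startups { int start, rate, full; };

/* Accepts "start:rate:full" or a single number; returns 0, or -1 if malformed. */
int parse_max_startups(const char *s, struct max_startups *m)
{
    int end = 0;
    if (sscanf(s, "%d:%d:%d%n", &m->start, &m->rate, &m->full, &end) == 3
        && s[end] == '\0') {
        /* three-field random early drop form, nothing more to fill in */
    } else if (sscanf(s, "%d%n", &m->start, &end) == 1 && s[end] == '\0') {
        /* Single value: assumed here to be a hard limit at that count. */
        m->rate = 100;
        m->full = m->start;
    } else {
        return -1;
    }
    if (m->start < 1 || m->full < m->start || m->rate < 1 || m->rate > 100)
        return -1;
    return 0;
}

/* Percent chance that a new connection is refused while `unauth`
 * connections are still unauthenticated (integer division rounds down). */
int refuse_percent(const struct max_startups *m, int unauth)
{
    if (unauth < m->start)
        return 0;                      /* below start: never refused */
    if (unauth >= m->full)
        return 100;                    /* at or above full: always refused */
    /* linear ramp from rate% at start up to 100% at full */
    return m->rate + (100 - m->rate) * (unauth - m->start) / (m->full - m->start);
}

int main(void)
{
    struct max_startups m;
    if (parse_max_startups("10:30:60", &m) != 0)   /* man page example value */
        return 1;
    for (int n = 5; n <= 60; n += 5)
        printf("%2d unauthenticated -> refuse %3d%%\n", n, refuse_percent(&m, n));
    return 0;
}
```

The count passed in is the number of connections that have not yet authenticated; per the man page text, a connection leaves that count when authentication succeeds or its LoginGraceTime expires.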