Re: what about rate limiting?
- From: Darren Tucker <dtucker@xxxxxxxxxx>
- Date: Fri, 25 Aug 2006 12:04:18 +1000
Justin Piszcz wrote:
[about OpenSSH's MaxStartups random early drop]
I never knew about this, is this documented somewhere?
Try sshd_config(5):
MaxStartups
Specifies the maximum number of concurrent unauthenticated con-
nections to the sshd daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values "start:rate:full" (e.g.,
"10:30:60"). sshd will refuse connection attempts with a proba-
bility of "rate/100" (30%) if there are currently "start" (10)
unauthenticated connections. The probability increases linearly
and all connection attempts are refused if the number of unau-
thenticated connections reaches "full" (60).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- References:
- Re: what about rate limiting?
- From: christian . perone
- Re: what about rate limiting?
- From: Justin Piszcz
- Re: what about rate limiting?
- Prev by Date: Re: what about rate limiting?
- Next by Date: authentication method shell variable?
- Previous by thread: Re: what about rate limiting?
- Next by thread: SFTP Error
- Index(es):
Relevant Pages
|
