artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e4a6c81) | patch
enable PerSourcePenalties by default.
authordjm <djm@openbsd.org>
Thu, 6 Jun 2024 20:25:48 +0000 (20:25 +0000)
committerdjm <djm@openbsd.org>
Thu, 6 Jun 2024 20:25:48 +0000 (20:25 +0000)
commitf6832f21f1087f52ff357992489c017b55a20c06
tree03b8700b87dedc6a0a847a9b922866776111aacetree | snapshot
parente4a6c81bee46a631427ce8dfa10e5de10f0ff88ccommit | diff
enable PerSourcePenalties by default.

ok markus

NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.

Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.
usr.bin/ssh/servconf.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim