bugzilla-daemon at mindrot.org
2024-Jul-12 18:15 UTC
[Bug 3709] New: PerSourceMaxStartups no longer works as advertised
https://bugzilla.mindrot.org/show_bug.cgi?id=3709

            Bug ID: 3709
           Summary: PerSourceMaxStartups no longer works as advertised
           Product: Portable OpenSSH
           Version: 9.8p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: hans at anargy.com

According to the manpage, PerSourceMaxStartups specifies the number of
unauthenticated connections allowed from a given source address. If this is
set at a number, for example 3, it should be possible to open multiple
authenticated sessions, one after another. Until version 9.7p1 this was
possible.

But set at for example 3, it is not possible to open more than three
sessions, with the message in the log that new sessions are being dropped.
What is worse, if all these sessions are disconnected again, it is not
possible at all to log in for a number of minutes.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jul-15 04:00 UTC
[Bug 3709] PerSourceMaxStartups no longer works as advertised
https://bugzilla.mindrot.org/show_bug.cgi?id=3709

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I can't reproduce this. Could you please include logs from sshd refusing
connections?

It's possible that you're seeing the effects of the new PerSourcePenalties
option: https://man.openbsd.org/sshd_config#PerSourcePenalties

Depending on your environment, you might need to adjust its
threshold/timeouts or disable it.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.