similar to: MaxStartups Confusion

The patch below (against openssh 3.2.3p1) adds a CheckMaxStartups option, defaulting to yes, to determine whether sshd calls drop_connection(). The motivation behind this is twofold. In our environment, our timesharing machines get enough incoming connections that will trigger spuriously with the default value (10 forked unauthenticated connections) as well as some significantly higher values,

https://bugzilla.mindrot.org/show_bug.cgi?id=3055 Bug ID: 3055 Summary: Need some high-probability logging re MaxStartups Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

I have a system where 4 or 5 times now it has locked out new ssh connections. It appears as if MaxStartups is not re-allowing connections when the number of unauthenticated connections drops. Instead, 100% rejection until sshd is restarted. The client (even "ssh localhost") gets one of: kex_exchange_identification: Connection closed by remote host kex_exchange_identification:

https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Bug ID: 2613 Summary: Log connections dropped when MaxStartups is reached Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs

Hello, What is the effect of MaxStartups in the configuration file sshd_config? How this keyword effects the working of sshd? regards Kumaresh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020613/8306c832/attachment.html

https://bugzilla.mindrot.org/show_bug.cgi?id=3832 Bug ID: 3832 Summary: [PATCH] typo: MaxStartups instead of Maxstartups Product: Portable OpenSSH Version: 10.0p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

I haven't seen this behaviour and can't replicate it manually using OpenSSH 10.0. I think debugging this will require a log trace with LogLevel=debug3 if you can manage it. On Wed, 16 Apr 2025, Mark Hills wrote: > I have a system where 4 or 5 times now it has locked out new ssh > connections. > > It appears as if MaxStartups is not re-allowing connections when the >

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Hi, the following patch has been suggested by Mark Bradshaw <bradshaw at staff.crosswalk.com>. The simple concatenation of filenames in sftp client and server results in creating filenames beginning with double slashes when the cwd is the root directory: cwd: "/bar/baz" file: "foo" cwd + "/" + file = "/bar/baz/foo" cwd: "/" file:

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

While I was updating our ssh-servers, I rewrote my old patch that adds idletimeout (just like in old ssh1) parameter to openssh. Since reapplying the patch for all new versions of openssh is not fun at all, I would like to have it included in the official openssh, if you consider the patch worthy. Unlike ClientAlive, idletimeout works for both protocol versions. It also works together with

Hi, We serve a fairly substantial number[1] of ssh connections across our fleet.? We have hit MaxStartups limits in the past and bumped it up a few times (currently at 300), but we have no warning before the limit is reached and connections start being dropped.? What I would love is some sort of instrumentation that could let us see the highest number of concurrent pre-auth connections the

On Thu, 17 Apr 2025, Damien Miller wrote: > I haven't seen this behaviour and can't replicate it manually using > OpenSSH 10.0. I think debugging this will require a log trace with > LogLevel=debug3 if you can manage it. Certainly can. Enabled in sshd_config and now a lot more information in auth.log. These occurances have been quite regular recently, so hopefully won't

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep