[Bug 3211] DDoS attack by using ssh-keyscan

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Sep 9 23:16:06 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3211

--- Comment #1 from kircher <kircherlike at outlook.com> ---
As we know, sshd provides the MaxStartups limit to restrict the number
of connections established at the same time. The ssh-keyscan command is
also used to establish connections. Multiple connections are
established based on the number of host keys on the server.

Simply put, as long as the DDoS attacker executes such a script:

for((i=0;i<1;));do ssh-keyscan [IP address of the attacked host] >/dev/null 2>&1 & done

The CPU usage of the attacked host becomes too high, and it is
difficult to accept normal SSH connection requests.
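A defender-side check for the connection burst described above, added here as an example and not part of the bug report or of OpenSSH: it parses constructed sshd log lines of the kind an unauthenticated connection flood produces (ssh-keyscan disconnects right after key exchange, so each attempt ends as a preauth close) and flags any source that exceeds a threshold inside a sliding window. The syslog line layout, the window and the threshold are assumptions to adapt to your own logging setup.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd's "Connection closed by <ip> port <port> [preauth]" message in a
# syslog-style line (assumed layout: "Mon DD HH:MM:SS host sshd[pid]: ...").
PREAUTH_CLOSE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Connection closed by (?P<ip>[\d.]+) port \d+ \[preauth\]"
)

def parse_line(line, year=2020):
    """Return (timestamp, source_ip) for a preauth close line, else None."""
    m = PREAUTH_CLOSE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("ip")

def flag_bursts(lines, threshold=20, window_seconds=10):
    """Flag sources with >= threshold preauth closes inside any window of
    window_seconds. Returns {ip: count seen when the threshold was hit}."""
    recent = defaultdict(deque)  # ip -> timestamps within the current window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop entries that fell out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = len(q)
    return flagged

# Constructed sample: one source opening 25 connections in three seconds
# (as the looping ssh-keyscan would), plus one ordinary client.
SAMPLE_LOG = [
    f"Sep  9 23:16:{i // 10:02d} host sshd[{1000 + i}]: "
    f"Connection closed by 203.0.113.7 port {40000 + i} [preauth]"
    for i in range(25)
] + [
    "Sep  9 23:16:30 host sshd[1100]: Accepted publickey for alice "
    "from 198.51.100.5 port 50001 ssh2",
    "Sep  9 23:16:31 host sshd[1101]: Connection closed by 198.51.100.5 "
    "port 50002 [preauth]",
]

if __name__ == "__main__":
    print(flag_bursts(SAMPLE_LOG))  # {'203.0.113.7': 20}
```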
