[Bug 3797] New: PerSourcePenalty "grace-exceeded" uses tunable value for PerSourcePenalty "crash"
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Mar 2 10:13:14 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3797
Bug ID: 3797
Summary: PerSourcePenalty "grace-exceeded" uses tunable value
for PerSourcePenalty "crash"
Product: Portable OpenSSH
Version: 9.9p2
Hardware: UltraSPARC
OS: Solaris
Status: NEW
Severity: trivial
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: irwin at princeton.edu
It seems that when PerSourcePenalty "grace-exceeded" is assessed, it
uses the value assigned to PerSourcePenalty "crash".
With default PerSourcePenalty tunables (crash:90s grace:10s), log says:
sshd[12345]: srclimit_penalise: ipv4: new 192.168.1.2/32 active penalty
of 90 seconds for penalty: exceeded LoginGraceTime
In srclimit_penalise() in ./srclimit.c, perhaps:
388 case SRCLIMIT_PENALTY_GRACE_EXCEEDED:
389 penalty_secs = penalty_cfg.penalty_crash;
should be:
388 case SRCLIMIT_PENALTY_GRACE_EXCEEDED:
389 penalty_secs = penalty_cfg.penalty_grace;
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list