[openssh-commits] [openssh] 02/02: upstream: enable PerSourcePenalties by default.
git+noreply at mindrot.org
Fri Jun 7 06:26:22 AEST 2024
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 0e0c69761a4c33ccd4a256560f522784a753d1a8
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Jun 6 20:25:48 2024 +0000
upstream: enable PerSourcePenalties by default.
ok markus
NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.
Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.
OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce
---
servconf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/servconf.c b/servconf.c
index b04fb104..4598ee37 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.408 2024/06/06 17:15:25 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -413,7 +413,7 @@ fill_default_server_options(ServerOptions *options)
if (options->per_source_masklen_ipv6 == -1)
options->per_source_masklen_ipv6 = 128;
if (options->per_source_penalty.enabled == -1)
- options->per_source_penalty.enabled = 0;
+ options->per_source_penalty.enabled = 1;
if (options->per_source_penalty.max_sources == -1)
options->per_source_penalty.max_sources = 65536;
if (options->per_source_penalty.overflow_mode == -1)
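Review bot: The flipped default at `options->per_source_penalty.enabled = 1;` changes behaviour for every configuration that leaves PerSourcePenalties unset, yet the diffstat lists only servconf.c, so the caveat about NAT blocks and proxies is recorded only in the commit message. If sshd_config(5) still describes the option as off by default, that text should change together with this line, and a short comment above the assignment pointing to PerSourcePenaltyExemptList and PerSourceNetBlockSize would keep the caveat next to the code. The context lines also show `per_source_masklen_ipv6` defaulting to 128; since the commit message names PerSourceNetBlockSize as a tuning knob for this feature, that default now matters to operators who never set it and is worth stating wherever the new default is documented.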