sshd killed due to dos attack

Ben Lindstrom mouring at eviladmin.org
Sat Feb 6 15:18:19 EST 2010


On Jan 28, 2010, at 3:30 AM, ravindra Chavalam wrote:

> Hi Ben,
> 
> Thanks a lot for the response. I gave MaxStartups 10:30:60 (these are
> defaults i suppose for our requirements). Still facing the same issue. Is
> sshd getting killed is the expected behaviour?in that case how can i work
> around so that instead of killing sshd i just drop extra connections. Also
> interesting fact is drop_connections is not getting called?

If your  programing is causing sshd to segfault.  Then you need to figure out what combination of garbage you're sending is doing that.  I suspect you're triggering an edge case that isn't being handled graceful.

The proper behavior is that sshd will continue to run and will drop all or random connections based on MaxStartups definition.

- Ben


More information about the openssh-unix-dev mailing list