Login grace period implications
Martino Io
martino87rm at gmail.com
Tue May 19 20:21:29 AEST 2015
Good morning,
recently I run into some troubles with some pseudo "expect" application;
after hours of debugging I've realized that I've been hitting the login
grace period wall; first point here (was using v 6.0.0) is that there is no
debug message saying that connection was dropped due to that reason, the
debug log (DEBUG3) was unbelievably silent, wondering if I should write a
small patch to inform in DEBUG1 that a timeout has been reached.
Second point is that the solution for my problem has been to increase such
period to 5 minutes, while the SSH daemon doesn't listen on any publicly
exposed interface I would like to hear your opinion on having it set to 300
seconds; are there any security implications during the key exchange
because of that? I know that a could be more vulnerable to a DoS exhausting
my sessions, apart from that is there anything relevant from a security
point?
Thanks
--
Marcin
More information about the openssh-unix-dev
mailing list