(PerSource)Penalties default perhaps too aggressive?
hvjunk
hvjunk at gmail.com
Thu Sep 11 05:13:54 AEST 2025
Good day,
Scenario:
Busy with my first deployment/lab test of PVE9/Debian13 that uses OpenSSH 10.0-p1 (1:10.0p1-7 Deb package version) and my normal ssh-copy-id triggers the penalty and then doesn’t install the keys. In *my* case I have like 4x keys to load, so ssh-copy-id tries them all, and then get the penalty triggers and the keys aren’t loaded.
My usual protection I deployed was sshguard (but typically after my ssh loaded and then I run Ansible deployments)
Q: using ssh-copy-id with 4x keys to test and load, how should I change the penalty settings to not block it so aggressively?
Hendrik
More information about the openssh-unix-dev
mailing list