(PerSource)Penalties default perhaps too aggressive?
Brian Candler
b.candler at pobox.com
Thu Sep 11 05:53:21 AEST 2025
On 10/09/2025 20:13, hvjunk wrote:
> Busy with my first deployment/lab test of PVE9/Debian13 that uses OpenSSH 10.0-p1 (1:10.0p1-7 Deb package version) and my normal ssh-copy-id triggers the penalty and then doesn’t install the keys.
Do you know (e.g. from sshd logs) what condition is triggering the
penalty? There are certain conditions that count against the client,
such as failed authentication, clients that disconnect without
attempting authentication, clients that wait longer that LoginGraceTime
before authenticating, and so on. But AFAIK, a well-behaved client
should not be penalised.
https://man.openbsd.org/sshd_config
More information about the openssh-unix-dev
mailing list