[Bug 3211] DDoS attack by using ssh-keyscan

bugzilla-daemon at mindrot.org
Fri Sep 11 11:44:54 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3211

--- Comment #2 from kircher <kircherlike at outlook.com> ---
To solve this problem, add the anti-DDoS function to the sshd
implementation mechanism.

For example, you are advised to add the SshDdosInterval and
SshDdosCountMax parameters to the sshd configuration file. The value of
these parameters is that for the client with the same identifier (which
can be the IP address, MAC address, or SSH hostkey), the number of
successful connections within the period specified by SshDdosInterval
cannot exceed the value of SshDdosCountMax.

Adding the DDoS mechanism behind the MaxStartups mechanism is an
effective solution.

These are two names that match the ssh naming rules, aren't they?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
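
The rule proposed in the comment above, sketched as a sliding-window limiter keyed by source address (an added example, not OpenSSH code and not part of the bug comment). SshDdosInterval and SshDdosCountMax are the comment's proposed names rather than options sshd provides; the values, the table size and the `ddos_allow` and `lookup` helpers are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Hypothetical settings named after the comment's proposal; constructed values. */
#define SSH_DDOS_INTERVAL  10   /* window length in seconds */
#define SSH_DDOS_COUNT_MAX 3    /* connections accepted per window */
#define MAX_CLIENTS        4    /* bounded table so tracking cannot grow without limit */

struct client {
    char   id[64];                    /* identifier, here a source address string */
    time_t seen[SSH_DDOS_COUNT_MAX];  /* ring of the most recent accepted times */
    int    count, oldest;             /* valid entries; index of the oldest when full */
    time_t last;                      /* most recent accepted time, used for eviction */
};
static struct client table[MAX_CLIENTS];

/* Find the entry for id, or reuse a free or least recently seen slot. */
static struct client *lookup(const char *id) {
    struct client *lru = &table[0];
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (table[i].count > 0 && strcmp(table[i].id, id) == 0)
            return &table[i];
        if (table[i].last < lru->last)
            lru = &table[i];
    }
    memset(lru, 0, sizeof(*lru));
    strncpy(lru->id, id, sizeof(lru->id) - 1);
    return lru;
}

/* Return 1 to accept a connection from id at time now, 0 to refuse it. */
int ddos_allow(const char *id, time_t now) {
    struct client *c = lookup(id);
    if (c->count == SSH_DDOS_COUNT_MAX) {
        /* Ring full: accept only once the oldest accepted time has left the window. */
        if (now - c->seen[c->oldest] < SSH_DDOS_INTERVAL)
            return 0;
        c->seen[c->oldest] = now;
        c->oldest = (c->oldest + 1) % SSH_DDOS_COUNT_MAX;
    } else {
        c->seen[c->count++] = now;
    }
    c->last = now;
    return 1;
}

int main(void) {   /* constructed timeline for one documentation address */
    for (time_t t = 1000; t <= 1011; t++)
        printf("t=%ld %s\n", (long)t, ddos_allow("192.0.2.10", t) ? "accept" : "refuse");
}
```

Because the table is bounded, traffic from more than MAX_CLIENTS identifiers evicts older entries and resets their counts, so a per-identifier limit of this kind complements a global cap such as MaxStartups rather than replacing it.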

