Call for testing: openssh-9.8
Jochen Bern
Jochen.Bern at binect.de
Wed Jun 19 19:00:01 AEST 2024
On 19.06.24 00:40, Damien Miller wrote:
> I suggest reading the documentation then:
> https://man.openbsd.org/sshd_config.5#PerSourcePenalties
Umh ...
> noauth:duration
> Specifies how long to refuse clients that disconnect without
> attempting authentication (default: 1s). This timeout should
> be used cautiously otherwise it may penalise legitimate scanning
> tools such as ssh-keyscan(1).
... wouldn't that suggest that ssh-keyscan should get something like an
"-i <interval>" option, in addition to "-T <timeout>"?
https://man.openbsd.org/ssh-keyscan.1
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240619/b88a8de9/attachment.p7s>
More information about the openssh-unix-dev
mailing list