authordjm@openbsd.org <djm@openbsd.org>2024-06-06 22:25:48 +0200
committerDamien Miller <djm@mindrot.org>2024-06-06 22:26:15 +0200
commit0e0c69761a4c33ccd4a256560f522784a753d1a8 (patch)
tree304822d6ae27887d3bd6ac43fc807e00e4be54f2 /servconf.c
parentupstream: mention that PerSourcePenalties don't affect concurrent (diff)
upstream: enable PerSourcePenalties by default.
ok markus NB. if you run a sshd that accepts connections from behind large NAT blocks, proxies or anything else that aggregates many possible users behind few IP addresses, then this change may cause legitimate traffic to be denied. Please read the PerSourcePenalties, PerSourcePenaltyExemptList and PerSourceNetBlockSize options in sshd_config(5) for how to tune your sshd(8) for your specific circumstances. OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/servconf.c b/servconf.c
index b04fb1048..4598ee373 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.408 2024/06/06 17:15:25 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -413,7 +413,7 @@ fill_default_server_options(ServerOptions *options)
if (options->per_source_masklen_ipv6 == -1)
options->per_source_masklen_ipv6 = 128;
if (options->per_source_penalty.enabled == -1)
- options->per_source_penalty.enabled = 0;
+ options->per_source_penalty.enabled = 1;
if (options->per_source_penalty.max_sources == -1)
options->per_source_penalty.max_sources = 65536;
if (options->per_source_penalty.overflow_mode == -1)
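Review bot: The flipped default at `options->per_source_penalty.enabled = 1;` carries no comment recording its operational consequence, which the commit message spells out but the code does not. I would add above it `/* On by default: clients sharing an address (NAT, proxies) are penalised together; see PerSourcePenaltyExemptList and PerSourceNetBlockSize */`. The context lines also show the IPv6 mask defaulting to 128, so if penalties are keyed by that mask, as the commit message's reference to PerSourceNetBlockSize suggests, each IPv6 address is tracked separately and the 65536-entry `max_sources` table together with `overflow_mode` decides what happens once it fills; it is worth confirming that the overflow default is still the intended one now that the feature is on for every install. The diffstat is limited to servconf.c, so whether sshd_config(5) and the sample config state the new default cannot be checked from here. fill_default_server_options starts and ends outside the hunk.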