diff options
author | djm@openbsd.org <djm@openbsd.org> | 2024-09-15 03:18:26 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2024-09-15 03:23:11 +0200 |
commit | 0118a4da21147a88a56dc8b90bbc2849fefd5c1e (patch) | |
tree | bea90dba539be1ff731efd266cee103e7d12a6d9 /sftp-common.h | |
parent | upstream: Add a "refuseconnection" penalty class to sshd_config (diff) | |
download | openssh-0118a4da21147a88a56dc8b90bbc2849fefd5c1e.tar.xz openssh-0118a4da21147a88a56dc8b90bbc2849fefd5c1e.zip |
upstream: add a "Match invalid-user" predicate to sshd_config Match
options.
This allows writing Match conditions that trigger for invalid username.
E.g.
PerSourcePenalties refuseconnection:90s
Match invalid-user
RefuseConnection yes
Will effectively penalise bots try to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.
feedback markus@
OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
Diffstat (limited to 'sftp-common.h')
0 files changed, 0 insertions, 0 deletions