author | Damien Miller <djm@cvs.openbsd.org> | 2024-06-06 20:25:49 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2024-06-06 20:25:49 +0000 |
commit | 4e241bb1d98dd1de4bd330be823dacfd72328be5 (patch) | |
tree | cd65de825b448c95ca79f0cfe458a4876456d3e7 /usr.bin/ssh | |
parent | a8afca2e0a620e19e80cde00d6588dbfa3b2e5be (diff) |
enable PerSourcePenalties by default.

ok markus

NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.

Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/servconf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 51855b8c46b..89909819cba 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.408 2024/06/06 17:15:25 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -388,7 +388,7 @@ fill_default_server_options(ServerOptions *options) if (options->per_source_masklen_ipv6 == -1) options->per_source_masklen_ipv6 = 128; if (options->per_source_penalty.enabled == -1) - options->per_source_penalty.enabled = 0; + options->per_source_penalty.enabled = 1; if (options->per_source_penalty.max_sources == -1) options->per_source_penalty.max_sources = 65536; if (options->per_source_penalty.overflow_mode == -1) |
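Review bot: In the second hunk (fill_default_server_options), the new fallback `options->per_source_penalty.enabled = 1` changes behaviour for every configuration that leaves PerSourcePenalties unset, yet the diffstat lists only servconf.c, so the default documented in sshd_config(5) is not updated by this commit. Please update the manual page in the same change or a direct follow-up so the documented default matches the code. The context line `options->per_source_masklen_ipv6 = 128` also shows that the now-default penalties are tracked per single IPv6 address unless PerSourceNetBlockSize is set, which is worth stating next to the NAT caveat in the commit message so operators know both tuning directions.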