mention that PerSourcePenalties don't affect concurrent in-progress

connections.

1 files changed, 4 insertions, 3 deletions

diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 430de76071a..7c1cb57012d 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.356 2024/06/06 17:15:25 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.357 2024/06/06 20:20:42 djm Exp $
 .Dd $Mdocdate: June 6 2024 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -1565,8 +1565,9 @@ If a penalty is enforced against a client then its source address and any
 others in the
 .Cm PerSourceNetBlockSize
 will be refused connection for a period.
-Multiple penalties from the same source from concurrent connections will
-accumulate up to a maximum.
+A penalty doesn't affect concurrent connections in progress, but multiple
+penalties from the same source from concurrent connections will accumulate
+up to a maximum.
 Conversely, penalties are not applied until a minimum threshold time has been
 accumulated.
 Penalties are off by default but may be enabled using default settings using the