OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources. In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
So here we are, rate-limiting. The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least. This is, essentially, a
stopgap solution; however, it is a properly implemented and documented
one, and has an easily modifiable framework.
obsoleting a couple patches (it's the same code, though, except for
additions).
This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.
My patches have been almost entirely rewritten. The places are the
same, but the code's rewritten. It fits with the style (KNF) now,
and looks better.
I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs. After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2. Adding it to ssh/lib/ makes it work
yet again :)
in no way cryptographically encumbered code. The fact that it's
redistributed by me from freefall is completely coincidental.
Submitted by: obrien, Christian Weisgerber <naddy@unix-ag.uni-kl.de>
