mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-18 00:10:04 +00:00
7db4f457f6
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via running the system out of resources. In reality, this wouldn't be a full DoS, but would make a system slower, but this is a better thing to do than let the system get loaded down. So here we are, rate-limiting. The default settings are now: Five connections are allowed to authenticate (and not be rejected) in a period of ten seconds. One minute is given for login grace time. More work in this area is being done by alfred@FreeBSD.org and markus@OpenBSD.org, at the very least. This is, essentially, a stopgap solution; however, it is a properly implemented and documented one, and has an easily modifiable framework.
21 lines
610 B
Plaintext
21 lines
610 B
Plaintext
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd_config Thu Nov 11 17:58:39 1999
|
|
+++ sshd_config Sun Dec 5 13:37:20 1999
|
|
@@ -2,12 +2,13 @@
|
|
|
|
Port 22
|
|
ListenAddress 0.0.0.0
|
|
-HostKey /etc/ssh_host_key
|
|
+HostKey __PREFIX__/etc/ssh_host_key
|
|
ServerKeyBits 768
|
|
-LoginGraceTime 600
|
|
+LoginGraceTime 60
|
|
KeyRegenerationInterval 3600
|
|
-PermitRootLogin yes
|
|
-#
|
|
+PermitRootLogin no
|
|
+# Rate-limit sshd connections to 5 connections per 10 seconds
|
|
+ConnectionsPerPeriod 5/10
|
|
# Don't read ~/.rhosts and ~/.shosts files
|
|
IgnoreRhosts yes
|
|
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|