connection rate limitation for sshd - is it possible ?
Oliver Fromme
olli at lurza.secnetix.de
Thu Apr 6 11:33:52 UTC 2006
This is off-topic (not amd64-related),
and you hijacked another thread, but anyway ...
xdavid at svinew.natur.cuni.cz wrote:
> please, is there a way to limit the number of connections to openssh
> daemon per time period per source ip address ? I am using this on linux
> boxes with iptables, but couldn't figure out how to do this with IPF on
> FreeBSD. If it is not possible, is there another way how to do this ? Or
> do you think it is (un)wise to run sshd under inetd with "-C" switch or
> "max-connections-per-ip-per-minute" parameter ?
It is unwise, because sshd has to generate the server key
each time it is started -- if started from inetd, that
would be each time a client connection is accepted.
Please read the description of the "-i" option in the sshd
manpage. It explains it pretty well.
Maybe using "MaxStartups" in your sshd_config would be a
better solution (refer to the manpage for details).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"If you think C++ is not overly complicated, just what is a protected
abstract virtual base pure virtual private destructor, and when was the
last time you needed one?"
-- Tom Cargil, C++ Journal
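Added illustration, not part of the original thread or of OpenSSH itself: the "MaxStartups" setting Oliver points to takes the form start:rate:full (a bare number N is shorthand for N:100:N). As the sshd_config manpage describes it, sshd refuses no new connections while fewer than "start" unauthenticated connections are pending, refuses them with probability rate% once "start" is reached, and the probability rises linearly to 100% at "full". The POSIX sh below mirrors that rule so the effect of a candidate setting can be checked before it is applied; the value 10:30:60 is a hypothetical example, not a recommendation from the thread.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread or from OpenSSH sources):
# models the documented behaviour of sshd_config's MaxStartups setting.
#
# Hypothetical line for /etc/ssh/sshd_config:
#   MaxStartups 10:30:60
# meaning: up to 9 pending unauthenticated connections are always accepted,
# the 10th is refused 30% of the time, and refusals reach 100% at 60.

# parse_maxstartups SPEC -> prints "start rate full".
# A bare number N is the manpage shorthand for N:100:N.
parse_maxstartups() {
    spec=$1
    case "$spec" in
        *:*:*) echo "$spec" | tr ':' ' ' ;;
        *)     echo "$spec 100 $spec" ;;
    esac
}

# drop_probability START RATE FULL PENDING -> prints the percent chance that a
# new, not-yet-authenticated connection is refused when PENDING such
# connections already exist (linear interpolation between rate% at START
# and 100% at FULL, as the manpage describes).
drop_probability() {
    start=$1; rate=$2; full=$3; pending=$4
    if [ "$pending" -lt "$start" ]; then
        echo 0
    elif [ "$pending" -ge "$full" ]; then
        echo 100
    else
        echo $(( rate + (100 - rate) * (pending - start) / (full - start) ))
    fi
}

# refuse_chance SPEC PENDING -> convenience wrapper: parse SPEC, then compute.
refuse_chance() {
    set -- $(parse_maxstartups "$1") "$2"
    drop_probability "$1" "$2" "$3" "$4"
}

# Walk a hypothetical setting through a range of pending-connection counts so
# the shape of the curve is visible (the table is illustrative output only).
show_curve() {
    spec=$1
    echo "MaxStartups $spec"
    for n in 0 5 10 20 35 50 60 70; do
        printf '  pending=%-3s refuse=%s%%\n' "$n" "$(refuse_chance "$spec" "$n")"
    done
}

show_curve 10:30:60
show_curve 10
```

With the default-style bare value "10", every connection attempt beyond the tenth pending one is refused outright; the three-field form lets a busy but legitimate burst through while still capping the cost of many half-open, unauthenticated sessions.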