Good morning, recently I run into some troubles with some pseudo "expect" application; after hours of debugging I've realized that I've been hitting the login grace period wall; first point here (was using v 6.0.0) is that there is no debug message saying that connection was dropped due to that reason, the debug log (DEBUG3) was unbelievably silent, wondering if I should write a small patch to inform in DEBUG1 that a timeout has been reached. Second point is that the solution for my problem has been to increase such period to 5 minutes, while the SSH daemon doesn't listen on any publicly exposed interface I would like to hear your opinion on having it set to 300 seconds; are there any security implications during the key exchange because of that? I know that a could be more vulnerable to a DoS exhausting my sessions, apart from that is there anything relevant from a security point? Thanks -- Marcin _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
