On Wed, 28 Feb 2018, Peter Stuge wrote: > Wolfgang S Rupprecht wrote: > > Simplest would be to never abort the extra happy eyeballs before > > actually logging in or the normal ssh connection timeout. > > 1. What do dualstack browsers do when the second connection opens? > > 2. ssh could complete authentication on the second connection and > then immediately close the connection - but this would trigger many > side effects on the server, and be a nuisance at the very least; > consider when a server requires token interaction to login, and > having a sliding window with some limited number of logins per day. > > I personally don't really want the client to open multiple > connections when I only specicy one server. IMO opening multiple connection (maybe mediated by a knob) is fine, so long as we do one connection first and stagger subsequent ones with a brief delay. Anti-authentication brute force scripts should probably look for actual auth attempts rather than connections; those are well-mitigated by MaxStartups already... -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
