On 19.06.24 00:40, Damien Miller wrote:
I suggest reading the documentation then: https://man.openbsd.org/sshd_config.5#PerSourcePenalties
Umh ...
noauth:duration
Specifies how long to refuse clients that disconnect without
attempting authentication (default: 1s). This timeout should
be used cautiously otherwise it may penalise legitimate scanning
tools such as ssh-keyscan(1).
... wouldn't that suggest that ssh-keyscan should get something like an "-i <interval>" option, in addition to "-T <timeout>"?
https://man.openbsd.org/ssh-keyscan.1 Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
