On Thursday 08 May 2008 05:50:59 Steve Bertrand wrote:
> >> ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i
> >>
> >> into /etc/inetd.conf set a limit of
> >>
> >> * 20 overall ssh connections
> >> * 4 connection attempts per minute
> >> * at most 10 connections from a single IP
> >>
> >> This works very well on a personal server, not sure how it scales up.
> >
> > So if I copy over some files via scp, I can lock myself out. Fun stuff ;)
>
> Come on...
>
> The comment was based on a 'personal' server for logins.
>
> How 'bout you explain why SCP would break this so the OP understands...
>
> Otherwise, explain why running an FTP session through one of the
> server's SSH tunnels wouldn't be equally viable to running an unlimited
> number of SCP sessions over normal TCP ;)

because:

    for FILE in */*.[ch]; do scp ${FILE} host:/backup; done

is quicker to write than to set up tunnels.

The point is, that there's a difference between failed login attempts and
incoming connections. sshd logs failed login attempts, so it's easy to
separate them (sysutils/grok) and set the rate limit to an acceptable value,
should one try to hammer the server by simply opening connections.

--
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
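
The distinction drawn in this message, between counting incoming connections and counting failed logins, as an added example that is not part of the original thread. The log lines are constructed, the function name is hypothetical, and it assumes one sshd PID per connection and applies the thread's 4-per-minute figure per source address.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines (not from the thread). 192.0.2.10 is the scp
# loop: six successful logins in one minute. 203.0.113.5 guesses passwords:
# five failures in one minute, spread over only two connections.
SAMPLE_LOG = "\n".join(
    [f"May  8 06:00:{s:02d} host sshd[{1000 + s}]: Accepted publickey for mel "
     f"from 192.0.2.10 port {50000 + s} ssh2" for s in range(1, 7)]
    + [f"May  8 06:01:{s:02d} host sshd[{pid}]: Failed password for root "
       f"from 203.0.113.5 port 40000 ssh2"
       for s, pid in [(1, 2001), (3, 2001), (5, 2001), (20, 2002), (22, 2002)]]
)

# Timestamp truncated to the minute, sshd PID, auth result, source address.
LINE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def over_limit(log, limit=4):
    """Return (sources over the connection limit, sources over the failure limit).

    Connections are counted as distinct sshd PIDs per source per minute
    (assumption: one sshd process per connection); failures are counted
    as 'Failed' log lines per source per minute.
    """
    conns = defaultdict(set)   # (ip, minute) -> sshd PIDs seen
    fails = defaultdict(int)   # (ip, minute) -> failed login count
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["ip"], m["minute"])
        conns[key].add(m["pid"])
        if m["result"] == "Failed":
            fails[key] += 1
    by_conn = {ip for (ip, _), pids in conns.items() if len(pids) > limit}
    by_fail = {ip for (ip, _), n in fails.items() if n > limit}
    return by_conn, by_fail

if __name__ == "__main__":
    by_conn, by_fail = over_limit(SAMPLE_LOG)
    print("over connection limit:", sorted(by_conn))
    print("over failed-login limit:", sorted(by_fail))
```

On this sample the connection count flags only the scp loop, while the failed-login count flags only the password guesser.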