From owner-freebsd-isp@FreeBSD.ORG  Sat Jun  4 17:47:36 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 37E2A16A41C
	for <freebsd-isp@freebsd.org>; Sat,  4 Jun 2005 17:47:36 +0000 (GMT)
	(envelope-from reichert@numachi.com)
Received: from meisai.numachi.com (meisai.numachi.com [198.175.254.6])
	by mx1.FreeBSD.org (Postfix) with SMTP id 9128C43D1F
	for <freebsd-isp@freebsd.org>; Sat,  4 Jun 2005 17:47:34 +0000 (GMT)
	(envelope-from reichert@numachi.com)
Received: (qmail 55129 invoked from network); 4 Jun 2005 17:47:33 -0000
Received: from natto.numachi.com (198.175.254.216)
	by meisai.numachi.com with SMTP; 4 Jun 2005 17:47:33 -0000
Received: (qmail 79185 invoked from network); 4 Jun 2005 17:47:32 -0000
Received: from unknown (HELO natto.numachi.com) (127.0.0.1)
	by natto.numachi.com with SMTP; 4 Jun 2005 17:47:32 -0000
Received: (from reichert@localhost)
	by natto.numachi.com (8.13.1/8.12.11/Submit) id j54HlWlQ079183;
	Sat, 4 Jun 2005 13:47:32 -0400 (EDT)
	(envelope-from reichert@numachi.com)
X-Authentication-Warning: natto.numachi.com: reichert set sender to
	reichert@numachi.com using -f
Date: Sat, 4 Jun 2005 13:47:32 -0400
From: Brian Reichert <reichert@numachi.com>
To: John Brooks <john@day-light.com>
Message-ID: <20050604174732.GG79969@numachi.com>
References: <NHBBKEEMKJDINKDJBJHGOEMAJAAD.john@day-light.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <NHBBKEEMKJDINKDJBJHGOEMAJAAD.john@day-light.com>
User-Agent: Mutt/1.5.9i
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2005 17:47:36 -0000

On Sat, Jun 04, 2005 at 12:10:28AM -0500, John Brooks wrote:
> today at about noon, all four freebsd servers on a clients lan
> quit accepting ssh connections.

I've been seeing a lot of brute-force sshd attacks, which leave
a lot of connections in an awkward state.  I've done this for my
primary sshd server, and seems to have alleviated my problems:

LoginGraceTime 60
MaxStartups 10:30:60

> --
> John Brooks
> john@day-light.com 

-- 
Brian Reichert				<reichert@numachi.com>
55 Crystal Ave. #286			Daytime number: (603) 434-6842
Derry NH 03038-1725 USA			BSD admin/developer at large