Date: Thu, 6 Apr 2006 13:33:29 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-amd64@FreeBSD.ORG
Subject: Re: connection rate limitation for sshd - is it possible ?
Message-ID: <200604061133.k36BXTve097808@lurza.secnetix.de>
This is off-topic (not amd64-related), and you hijacked another
thread, but anyway ...

xdavid@svinew.natur.cuni.cz wrote:
> please, is there a way to limit the number of connections to openssh
> daemon per time period per source IP address? I am using this on Linux
> boxes with iptables, but couldn't figure out how to do this with IPF on
> FreeBSD. If it is not possible, is there another way how to do this? Or
> do you think it is (un)wise to run sshd under inetd with "-C" switch or
> "max-connections-per-ip-per-minute" parameter?

It is unwise, because sshd has to generate the server key each time
it is started -- if started from inetd, that would be each time a
client connection is accepted. Please read the description of the
"-i" option in the sshd manpage. It explains it pretty well.

Maybe using "MaxStartups" in your sshd_config would be a better
solution (refer to the manpage for details).

Best regards
Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services specialising in FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you think C++ is not overly complicated, just what is a protected
abstract virtual base pure virtual private destructor, and when was the
last time you needed one?" -- Tom Cargil, C++ Journal
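To make the MaxStartups suggestion concrete, here is an added example that is not part of Oliver's message: it parses the "start:rate:full" syntax from sshd_config and reproduces the drop probability sshd applies to new unauthenticated connections (mirroring the integer arithmetic of drop_connection() in OpenSSH's sshd.c); the settings "10" and "10:30:100" below are constructed sample values.

```python
import random
import re


def parse_max_startups(value):
    """Parse a MaxStartups value in sshd_config syntax.

    A bare integer N behaves like "N:100:N": refuse every new connection
    once N unauthenticated connections are pending.  "start:rate:full"
    enables random early drop between start and full.
    """
    m = re.fullmatch(r"(\d+)(?::(\d+):(\d+))?", value.strip())
    if not m:
        raise ValueError(f"invalid MaxStartups value: {value!r}")
    start = int(m.group(1))
    if m.group(2) is None:
        return start, 100, start
    rate, full = int(m.group(2)), int(m.group(3))
    if not 0 <= rate <= 100 or start > full:
        raise ValueError(f"invalid MaxStartups spec: {value!r}")
    return start, rate, full


def drop_probability(startups, start, rate, full):
    """Percent chance that sshd refuses a new connection while `startups`
    unauthenticated connections are pending (integer arithmetic as in
    drop_connection() in OpenSSH's sshd.c)."""
    if startups < start:
        return 0
    if startups >= full or rate == 100:
        return 100
    return (100 - rate) * (startups - start) // (full - start) + rate


def should_drop(startups, start, rate, full, rng=random):
    """Randomised decision sshd makes for one incoming connection."""
    return rng.randrange(100) < drop_probability(startups, start, rate, full)


def drop_curve(value, step=10):
    """(pending, percent) points showing how quickly a setting gets harsh."""
    start, rate, full = parse_max_startups(value)
    return [(n, drop_probability(n, start, rate, full))
            for n in range(0, full + 1, step)]


if __name__ == "__main__":
    # Constructed comparison: a bare limit versus the staged form.
    for setting in ("10", "10:30:100"):
        print(setting, drop_curve(setting))
```

MaxStartups counts unauthenticated connections pending at the daemon as a whole, not per source address, so it bounds sshd's resource use rather than rate-limiting any one client.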