Mailing List Archive

[Bug 3211] DDoS attack by using ssh-keyscan
https://bugzilla.mindrot.org/show_bug.cgi?id=3211

kircher <kircherlike@outlook.com> changed:

What    | Removed | Added
--------|---------|------------------------------------
Summary | A       | DDoS attack by using ssh-keyscan

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3211] DDoS attack by using ssh-keyscan
https://bugzilla.mindrot.org/show_bug.cgi?id=3211

--- Comment #1 from kircher <kircherlike@outlook.com> ---
As we know, sshd provides the MaxStartups limit to restrict the number
of connections established at the same time. The ssh-keyscan command is
also used to establish connections. Multiple connections are
established based on the number of host keys on the server.

Simply put, as long as the DDoS attacker executes such a script:

for((i=0;i<1;));do ssh-keyscan [IP address of the attacked host]
>/dev/null 2>&1 & done

The CPU usage of the attacked host becomes too high, and it is
difficult to accept normal SSH connection requests.

[Bug 3211] DDoS attack by using ssh-keyscan
https://bugzilla.mindrot.org/show_bug.cgi?id=3211

--- Comment #2 from kircher <kircherlike@outlook.com> ---
To solve this problem, add the anti-DDoS function to the sshd
implementation mechanism.

For example, you are advised to add the SshDdosInterval and
SshDdosCountMax parameters to the sshd configuration file. The meaning
of these parameters is that, for a client with the same identifier
(which can be the IP address, MAC address, or SSH host key), the number
of successful connections within the period specified by
SshDdosInterval cannot exceed the value of SshDdosCountMax.

Adding the DDoS mechanism behind the MaxStartups mechanism is an
effective solution.

These are two names that match the ssh naming rules, aren't they?

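A sliding-window limiter implementing the per-identifier rule proposed in Comment #2 (at most SshDdosCountMax accepted connections per client identifier within any SshDdosInterval window), as an added example that is not part of the bug report or of OpenSSH; the class, the simulate() helper and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque


class ConnectionRateLimiter:
    """Sliding-window limiter modelled on the proposed SshDdosInterval /
    SshDdosCountMax parameters: per client identifier, at most count_max
    accepted connections within any interval_s-second window."""

    def __init__(self, interval_s: float, count_max: int):
        self.interval_s = interval_s
        self.count_max = count_max
        # client identifier -> timestamps of recently accepted connections
        self._accepted = defaultdict(deque)

    def _prune(self, client_id: str, now: float) -> None:
        window = self._accepted[client_id]
        while window and now - window[0] >= self.interval_s:
            window.popleft()  # drop entries that fell out of the window

    def allow(self, client_id: str, now: float) -> bool:
        """Return True if the connection from client_id at time `now`
        (seconds, monotonic) is within quota, and record it if so."""
        self._prune(client_id, now)
        window = self._accepted[client_id]
        if len(window) >= self.count_max:
            return False  # over quota: reject before the costly key exchange
        window.append(now)
        return True


# Constructed sample: a keyscan-style burst from one source interleaved
# with a single legitimate client, as (time, source) tuples.
SAMPLE_CONNECTIONS = (
    [(0.05 * i, "198.51.100.7") for i in range(20)]  # burst: 20 in 1 s
    + [(0.5, "203.0.113.9"), (30.0, "203.0.113.9")]  # normal client
    + [(12.0, "198.51.100.7")]                        # burst source, window expired
)


def simulate(connections, interval_s=10.0, count_max=5):
    """Run the limiter over (time, client_id) events in time order and
    return {client_id: (accepted, rejected)} counts."""
    limiter = ConnectionRateLimiter(interval_s, count_max)
    stats = defaultdict(lambda: [0, 0])
    for ts, cid in sorted(connections):
        stats[cid][0 if limiter.allow(cid, ts) else 1] += 1
    return {cid: tuple(v) for cid, v in stats.items()}


if __name__ == "__main__":
    print(simulate(SAMPLE_CONNECTIONS))
```

A limiter like this has to run before the key exchange, which is where the CPU cost the report describes is spent. OpenSSH 8.5 later added the PerSourceMaxStartups and PerSourceNetBlockSize sshd_config options to address this class of problem.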