[Bug 3797] New: PerSourcePenalty "grace-exceeded" uses tunable value for PerSourcePenalty "crash"

bugzilla-daemon Sat, 01 Mar 2025 15:16:58 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=3797


            Bug ID: 3797
           Summary: PerSourcePenalty "grace-exceeded" uses tunable value
                    for PerSourcePenalty "crash"
           Product: Portable OpenSSH
           Version: 9.9p2
          Hardware: UltraSPARC
                OS: Solaris
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: sshd
          Assignee: unassigned-b...@mindrot.org
          Reporter: ir...@princeton.edu

It seems that when PerSourcePenalty "grace-exceeded" is assessed, it
uses the value assigned to PerSourcePenalty "crash".

With default PerSourcePenalty tunables (crash:90s grace:10s), log says:

sshd[12345]: srclimit_penalise: ipv4: new 192.168.1.2/32 active penalty
of 90 seconds for penalty: exceeded LoginGraceTime

In srclimit_penalise() in ./srclimit.c, perhaps:
388     case SRCLIMIT_PENALTY_GRACE_EXCEEDED:
389         penalty_secs = penalty_cfg.penalty_crash;

should be:
388     case SRCLIMIT_PENALTY_GRACE_EXCEEDED:
389         penalty_secs = penalty_cfg.penalty_grace;

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3797] New: PerSourcePenalty "grace-exceeded" uses tunable value for PerSourcePenalty "crash"

Reply via email to