Bug 280827

Summary: security/py-ssh-audit: does not work at all
Product: Ports & Packages Reporter: Michael Osipov <michaelo>
Component: Individual Port(s) Assignee: Piotr Kubaj <pkubaj>
Status: Closed FIXED
Severity: Affects Many People CC: mayhem30, michaelo
Priority: --- Flags: bugzilla: maintainer-feedback? (pkubaj)
Version: Latest   
Hardware: Any   
OS: Any   

Description Michael Osipov freebsd_committer freebsd_triage 2024-08-15 09:40:52 UTC
A non-portable construct makes it hang forever on BSD systems: https://github.com/jtesta/ssh-audit/issues/288. A one-off patch is required: https://github.com/jtesta/ssh-audit/pull/289
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2024-08-16 09:19:22 UTC
Thanks, I also had some issues but ssh-audit worked in some cases so I thought it was just some network issues (which I actually had at that time).
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-08-16 11:54:43 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f02e397c3be1c20d736e3412ca82f14ba14b9e8c

commit f02e397c3be1c20d736e3412ca82f14ba14b9e8c
Author:     Piotr Kubaj <pkubaj@FreeBSD.org>
AuthorDate: 2024-08-16 10:32:11 +0000
Commit:     Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2024-08-16 11:54:25 +0000

    security/py-ssh-audit: fix hang on runtime

    PR:     280827
    Submitted by:   michaelo

 security/py-ssh-audit/Makefile                     |  1 +
 .../files/patch-src_ssh__audit_dheat.py (new)      | 23 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
Comment 3 Ken 2024-08-16 16:12:30 UTC
After using this patch, I'm getting the rate-throttling message again, even though I have "PerSourceMaxStartups 1" enabled in sshd_config.

The message didn't show before the patch.

I'm using FreeBSD 13.3-RELEASE-p5

38 connections were created in 0.180 seconds, or 210.7 conns/sec; server must respond with a rate less than 20.0 conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see https://www.ssh-audit.com/hardening_guides.html. Be aware that using 'PerSourceMaxStartups 1' properly protects the server from this attack, but will cause this test to yield a false positive. Suppress this test and message with the --skip-rate-test option.
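The rate-test message above is a known false positive when `PerSourceMaxStartups` is set, so the finding has to be read together with the effective sshd configuration. The following triage helper is an added example, not code from ssh-audit or the port; it parses the constructed message and a constructed `sshd -T` fragment, and the `triage` function name and its verdict strings are this example's own.

```python
import re

# Constructed sample: the rate-test line quoted in this bug report.
RATE_TEST_MSG = (
    "38 connections were created in 0.180 seconds, or 210.7 conns/sec; "
    "server must respond with a rate less than 20.0 conns/sec per IPv4/IPv6 "
    "source address to be considered safe."
)

# Constructed sample of `sshd -T` output (effective config; sshd prints keys lower-cased).
SSHD_T_OUTPUT = """\
port 22
maxstartups 10:30:100
persourcemaxstartups 1
"""

def parse_rate_test(msg):
    """Return (measured_rate, safe_threshold) from the ssh-audit rate-test message, or None."""
    m = re.search(
        r"or ([\d.]+) conns/sec; server must respond with a rate less than ([\d.]+) conns/sec",
        msg,
    )
    if not m:
        return None
    return float(m.group(1)), float(m.group(2))

def parse_sshd_t(output):
    """Turn `sshd -T` lines ('key value') into a dict keyed by lower-cased option name."""
    cfg = {}
    for line in output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            cfg[parts[0].lower()] = parts[1].strip()
    return cfg

def triage(msg, sshd_t_output):
    """Classify the finding: 'no-rate-finding', 'safe', 'false-positive' or 'exposed'."""
    parsed = parse_rate_test(msg)
    if parsed is None:
        return "no-rate-finding"
    measured, threshold = parsed
    if measured < threshold:
        return "safe"
    # PerSourceMaxStartups defaults to "none"; a per-source cap (the report uses 1)
    # limits the attack but still lets ssh-audit open connections, hence the false positive.
    pss = parse_sshd_t(sshd_t_output).get("persourcemaxstartups", "none")
    if pss.isdigit():
        return "false-positive"
    return "exposed"
```

When the verdict is `false-positive`, rerun ssh-audit with `--skip-rate-test` as the message itself suggests; `exposed` means neither a per-source cap nor a safe measured rate was observed.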