
ufw/iptables and other firewalls can also throttle repeated connection attempts, which is almost always fine but could be something you don't want if you have a legitimate need to support many rapid ssh connections from the same source (CM tools, maybe?)


> if you have a legitimate need to support many rapid ssh connections from the same source (CM tools, maybe?)

If you're doing that, I strongly suggest using ControlMaster to reuse the connections; it makes security tools like this less grumpy, but it's also a nice performance win.


Just remember that only the first connection, the one creating the ControlMaster socket, is being authenticated; subsequent ones are not.


It's easy to do per source IP address and reasonably easy to add the source IP address to a whitelist automatically after successful auth.
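
Added example, not part of any comment above: a small Python model of the per-source-IP throttle with an allowlist fed by successful authentication that the thread describes. The class name, the thresholds (6 new connections per 30 seconds, a one-hour allowlist entry) and the constructed event list are assumptions for illustration.

```python
from collections import defaultdict, deque

class SshThrottle:
    """Per-source-IP sliding-window limiter; successful auth allowlists the source."""

    def __init__(self, max_new=6, window=30.0, allow_ttl=3600.0):  # assumed thresholds
        self.max_new, self.window, self.allow_ttl = max_new, window, allow_ttl
        self.recent = defaultdict(deque)  # ip -> times of recently accepted connections
        self.allowed_until = {}           # ip -> expiry time of its allowlist entry

    def on_connect(self, ip, now):
        """Return True to accept a new connection from ip, False to drop it."""
        if self.allowed_until.get(ip, 0.0) > now:
            return True                   # authenticated recently: exempt from throttling
        self.allowed_until.pop(ip, None)  # entry expired, throttle this source again
        q = self.recent[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget connections older than the window
        if len(q) >= self.max_new:
            return False                  # dropped attempts are not added to the window
        q.append(now)
        return True

    def on_auth_success(self, ip, now):
        """Allowlist ip for allow_ttl seconds and clear its connection history."""
        self.allowed_until[ip] = now + self.allow_ttl
        self.recent.pop(ip, None)

def replay(events, throttle):
    """Feed (time, ip, kind) events through throttle; return {ip: (accepted, dropped)}."""
    counts = defaultdict(lambda: [0, 0])
    for t, ip, kind in events:
        if kind == "auth_ok":
            throttle.on_auth_success(ip, t)
        elif kind == "connect":
            counts[ip][0 if throttle.on_connect(ip, t) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}

# Constructed events (documentation addresses): one source that never authenticates,
# and one CM-style host that authenticates once and then opens 20 rapid connections.
EVENTS = sorted(
    [(float(t), "203.0.113.7", "connect") for t in range(10)]
    + [(0.0, "198.51.100.10", "connect"), (1.0, "198.51.100.10", "auth_ok")]
    + [(2.0 + 0.5 * i, "198.51.100.10", "connect") for i in range(20)]
)

if __name__ == "__main__":
    for ip, (ok, dropped) in replay(EVENTS, SshThrottle()).items():
        print(f"{ip}: accepted={ok} dropped={dropped}")
```

The allowlist entry expires after `allow_ttl`, so a source that stops authenticating falls back under the throttle.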



