Hi Group!

I'm seeking opinions about an sshd feature. I was doing some work on a remote system (I did not set it up) that seemed to be refusing ssh and scp connections randomly. I looked into it, and finally stumbled across this from sshd_config(5),

     MaxStartups
             Specifies the maximum number of concurrent unauthenticated
             connections to the SSH daemon.  Additional connections will
             be dropped until authentication succeeds or the
             LoginGraceTime expires for a connection.  The default is 10.

             Alternatively, random early drop can be enabled by
             specifying the three colon separated values
             “start:rate:full” (e.g. "10:30:60").  sshd(8) will refuse
             connection attempts with a probability of “rate/100” (30%)
             if there are currently “start” (10) unauthenticated
             connections.  The probability increases linearly and all
             connection attempts are refused if the number of
             unauthenticated connections reaches “full” (60).

Indeed, the server had this setting,

     MaxStartups 10:50:20

This just seems like a terrible option. You can DOS their server just by making 20 connections and leaving them hanging. And it breaks any automated scripts relying on ssh or scp (unless you wrap them in a loop until they succeed, ugh).

My guess is that the reasoning behind this feature is that it will filter out a number of automated attacks. That seems no better than security-by-obscurity, and I know how some of you feel about that. :)

Can you think of any sane reason to enable this feature, or for it to even exist at all?

Best regards,
-Jamie
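
Added example, not part of the original post and not OpenSSH's own code: a small model of the refusal curve exactly as the quoted sshd_config(5) text describes it, so an administrator can see what a given MaxStartups value does to legitimate clients at each load level. The function names and the validation rules are assumptions made for this illustration; the expected-attempts figure assumes each retry is refused independently with the same probability.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MaxStartups:
    start: int  # unauthenticated connections at which dropping begins
    rate: int   # refusal percentage once "start" is reached
    full: int   # unauthenticated connections at which everything is refused

def parse_max_startups(value: str) -> MaxStartups:
    """Parse either the single-number form or "start:rate:full"."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        n = int(parts[0])
        return MaxStartups(n, 100, n)  # hard limit: refuse everything at n
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    # Assumed sanity checks for this model.
    if not (0 < start <= full) or not (1 <= rate <= 100):
        raise ValueError("inconsistent start:rate:full values")
    return MaxStartups(start, rate, full)

def refusal_probability(cfg: MaxStartups, unauthenticated: int) -> float:
    """Probability that a new connection attempt is refused."""
    if unauthenticated < cfg.start:
        return 0.0
    if unauthenticated >= cfg.full:
        return 1.0
    # Linear increase from rate% at "start" to 100% at "full".
    span = cfg.full - cfg.start
    pct = cfg.rate + (100 - cfg.rate) * (unauthenticated - cfg.start) / span
    return pct / 100

def expected_attempts(p_refuse: float) -> float:
    """Mean number of tries a retrying client needs (geometric distribution)."""
    return float("inf") if p_refuse >= 1.0 else 1.0 / (1.0 - p_refuse)

if __name__ == "__main__":
    cfg = parse_max_startups("10:50:20")  # the setting quoted in the post
    for n in (9, 10, 12, 15, 18, 20):
        p = refusal_probability(cfg, n)
        print(f"{n:2d} unauthenticated: refuse {p:4.0%}, "
              f"expected attempts {expected_attempts(p):.1f}")
```
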