Mercurial > dropbear

view sshpty.h @ 1790:42745af83b7d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Introduce extra delay before closing unauthenticated sessions To make it harder for attackers, introduce a delay to keep an unauthenticated session open a bit longer, thus blocking a connection slot until after the delay. Without this, while there is a limit on the amount of attempts an attacker can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt is still short and thus for each of the allowed parallel attempts many attempts can be chained one after the other. The attempt rate is then: "MAX_UNAUTH_PER_IP / <process time of one attempt>". With the delay, this rate becomes: "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Wed, 15 Feb 2017 13:53:04 +0100
parents fe6bca95afa7
children
line wrap: on
line source

/*	$OpenBSD: sshpty.h,v 1.4 2002/03/04 17:27:39 stevesk Exp $	*/

/*
 * Copied from openssh-3.5p1 source by Matt Johnston 2003
 *
 * Author: Tatu Ylonen <[email protected]>
 * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
 *                    All rights reserved
 * Functions for allocating a pseudo-terminal and making it the controlling
 * tty.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef SSHPTY_H
#define SSHPTY_H

int	 pty_allocate(int *, int *, char *, int);
void	 pty_release(const char *);
void	 pty_make_controlling_tty(int *, const char *);
void	 pty_change_window_size(int, int, int, int, int);
void	 pty_setowner(struct passwd *, const char *);

#endif /* SSHPTY_H */