> On 10 Sep 2025, at 22:02, Rory Campbell-Lange <rory@xxxxxxxxxxxxxxxxxx> wrote: > > On 10/09/25, hvjunk (hvjunk@xxxxxxxxx) wrote: >> Busy with my first deployment/lab test of PVE9/Debian13 that uses OpenSSH 10.0-p1 (1:10.0p1-7 Deb package version) and my normal ssh-copy-id triggers the penalty and then doesn’t install the keys. In *my* case I have like 4x keys to load, so ssh-copy-id tries them all, and then get the penalty triggers and the keys aren’t loaded. > > Can you pre-configure sshd_config on the Debian hosts with the PerSourcePenaltyExemptList directive prior to installing keys? simpler to just set "PerSourcePenalties no” as most cases I need to do this I’m from mobile/random IPs on laptops :D > You could also tweak the penalty settings for various conditions in PerSourcePenalties. I'm guessing expanding min:duration might work in this case but I haven't tried it. yeah, it’s understanding that examples configs I haven’t seen documented (yet) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
