> On 10 Sep 2025, at 23:15, Colin Watson <cjwatson@xxxxxxxxxx> wrote: > > On Wed, Sep 10, 2025 at 09:13:54PM +0200, hvjunk wrote: >> Busy with my first deployment/lab test of PVE9/Debian13 that uses OpenSSH 10.0-p1 (1:10.0p1-7 Deb package version) and my normal ssh-copy-id triggers the penalty and then doesn’t install the keys. In *my* case I have like 4x keys to load, so ssh-copy-id tries them all, and then get the penalty triggers and the keys aren’t loaded. > > I cherry-picked a post-10.0 upstream fix in this area into Debian testing/unstable, but haven't yet issued a stable update for it. Does https://bugs.debian.org/1080350 sound as though it matches your symptoms? Not quite, this does match other “hammering” cases (eg. find . -type f | xargs -P 50 rsync {} remote:/path/{} ) when I need multiple parallel sessions to keep the network/disk pipes busy. This “bug/1080350” is similar to another maxstartup parameter that has troubles with the massive parallel startup, which looks like a DoS attack to keep the system busy during the expensive public key exchange - been having those type of issues for at least 4 years, but those are parallel issue, not in the ssh-copy-id case a serialized “attack" _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
