On 10/09/25, hvjunk (hvjunk@xxxxxxxxx) wrote: > Busy with my first deployment/lab test of PVE9/Debian13 that uses OpenSSH 10.0-p1 (1:10.0p1-7 Deb package version) and my normal ssh-copy-id triggers the penalty and then doesn’t install the keys. In *my* case I have like 4x keys to load, so ssh-copy-id tries them all, and then get the penalty triggers and the keys aren’t loaded. Can you pre-configure sshd_config on the Debian hosts with the PerSourcePenaltyExemptList directive prior to installing keys? This will allow you to specify a comma-separated list of addresses to exempt from penalties. You could also tweak the penalty settings for various conditions in PerSourcePenalties. I'm guessing expanding min:duration might work in this case but I haven't tried it. Rory _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
