Bug#1080350: marked as done (openssh-server: refuses further connections after having handled PerSourceMaxStartups connections)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 10 Aug 2025 10:14:04 +0000
with message-id <E1ul340-007mFj-1s@fasolo.debian.org>
and subject line Bug#1080350: fixed in openssh 1:10.0p1-8
has caused the Debian Bug report #1080350,
regarding openssh-server: refuses further connections after having handled PerSourceMaxStartups connections
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1080350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080350
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: refuses further connections after having handled PerSourceMaxStartups connections
• From: Kacper Gutowski <mwgamera@gmail.com>
• Date: Mon, 2 Sep 2024 19:05:25 +0200
• Message-id: <CAMkCj6g0-ZVsiC6ZQO8atfiEec1K=8Vy+WWsApWyH_wPQgZdNQ@mail.gmail.com>

Package: openssh-server
Version: 1:9.8p1-4
Severity: normal

The PerSourceMaxStartups should limit the number of concurrent
unauthenticated connections coming from a single source. But in recent
versions, all further connections from the given address are refused
after the server has handled the configured PerSourceMaxStartups
connections from it. It worked the expected way in some past versions.

To reproduce:

# sponge /etc/ssh/sshd_config.d/bug-startups.conf <<< 'PerSourceMaxStartups 2'
# service ssh restart
$ ssh localhost true
$ ssh localhost true
$ ssh localhost true

Observe the third connection failing and 'beginning MaxStartups
throttling' being logged without any other concurrent connections from
the localhost at all.

-k

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                    3.137
ii  debconf [debconf-2.0]      1.5.87
ii  init-system-helpers        1.66
ii  libaudit1                  1:3.1.2-4+b1
ii  libc6                      2.40-2
ii  libcom-err2                1.47.1-1
ii  libcrypt1                  1:4.4.36-5
ii  libgssapi-krb5-2           1.21.3-3
ii  libkrb5-3                  1.21.3-3
ii  libpam-modules             1.5.3-7
ii  libpam-runtime             1.5.3-7
ii  libpam0g                   1.5.3-7
ii  libselinux1                3.7-1+b1
ii  libssl3t64                 3.3.1-7
ii  libwrap0                   7.6.q-33
ii  lsb-base                   11.6
ii  openssh-client             1:9.8p1-4
ii  openssh-sftp-server        1:9.8p1-4
ii  procps                     2:4.0.4-5
ii  runit-helper               2.16.3
ii  sysvinit-utils [lsb-base]  3.10-1
ii  ucf                        3.0043+nmu1
ii  zlib1g                     1:1.3.dfsg+really1.3.1-1

Versions of packages openssh-server recommends:
pn  default-logind | logind | libpam-systemd  <none>
ii  ncurses-term                              6.5-2
ii  xauth                                     1:1.1.2-1

Versions of packages openssh-server suggests:
ii  molly-guard   0.8.4
pn  monkeysphere  <none>
ii  ssh-askpass   1:1.2.4.1-16+b1
pn  ufw           <none>

-- Configuration Files:
/etc/ssh/moduli changed [not included]

-- debconf information:
  openssh-server/permit-root-login: true
  openssh-server/password-authentication: false

--- End Message ---

--- Begin Message ---

• To: 1080350-close@bugs.debian.org
• Subject: Bug#1080350: fixed in openssh 1:10.0p1-8
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sun, 10 Aug 2025 10:14:04 +0000
• Message-id: <E1ul340-007mFj-1s@fasolo.debian.org>
• Reply-to: Colin Watson <cjwatson@debian.org>

Source: openssh
Source-Version: 1:10.0p1-8
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1080350@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Aug 2025 00:07:55 +0100
Source: openssh
Architecture: source
Version: 1:10.0p1-8
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 54243 1080350
Changes:
 openssh (1:10.0p1-8) unstable; urgency=medium
 .
   * Remove some long-obsolete Conflicts (closes: #54243).
   * Fix mistracking of MaxStartups process exits in some situations (closes:
     #1080350).
Checksums-Sha1:
 310bc6a197f39cf46e5832d0edd851b11ccc674f 3654 openssh_10.0p1-8.dsc
 3d62319c6f4b09e39f67e4f4d6d8913a1e5530fc 199944 openssh_10.0p1-8.debian.tar.xz
 45410e6b7a13f173c0403da8af68913611e00265 21506996 openssh_10.0p1-8.git.tar.xz
 d3c1d9624cc0c1396e16b27edc9acbea3601f066 18060 openssh_10.0p1-8_source.buildinfo
Checksums-Sha256:
 81bf219ec7c3cdd13111e0bc6ed1c967e9ca8c2199b5dcb7a3b801e7187486d7 3654 openssh_10.0p1-8.dsc
 f158cdc149735170e8abd84510e2d71502488bbc6a2d652065dd9938cfc150cd 199944 openssh_10.0p1-8.debian.tar.xz
 b7fd244b669f4c8660d81ae1b89baaecb402a1de9578273493784e3eec2eac60 21506996 openssh_10.0p1-8.git.tar.xz
 05d351731ddd8a87bd5f4f0bea9921ad9f9b53aa6e64dd84f683238c1054c9c6 18060 openssh_10.0p1-8_source.buildinfo
Files:
 0399779150f1ae7c36205c8606dc6ee7 3654 net standard openssh_10.0p1-8.dsc
 35a7aeeafd9441451b89314790558012 199944 net standard openssh_10.0p1-8.debian.tar.xz
 60ba1f4c292b996ad387e3c4d32718ee 21506996 net standard openssh_10.0p1-8.git.tar.xz
 891470da4d4cc63bbe6a18e74ab42f3d 18060 net standard openssh_10.0p1-8_source.buildinfo
Git-Tag-Info: tag=4bf812701dc96edceab905ca36ff111da5a41f67 fp=ac0a4ff12611b6fccf01c111393587d97d86500b
Git-Tag-Tagger: Colin Watson <cjwatson@debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmiYaoIACgkQYG0ITkaD
wHnpTA//WWismL18Qu0wH0e65bt2QAsxm5hmAZcmgkYDQZkKsxhnCOcoE39ER/HC
4e1lDIAUaSOAOTpP/cpd3rcjYT4vjngDihqMKaXESDWdyWM+B5gLBRhIDoYQHZzb
Ne1UbCTo0eQ8p8CIxh+agWZ5gijFY/hd7bvRb/WJ/J61CqLX756XLFkjLadovm1Q
jUffmnm7xzlDC89YpnwKlrvC3gG8srIPRdx0jAT1TtlIzjlrINfqvaVBLbcbw1i/
Qjz0ul6EIeJ1FixATBFNxHWQtrgwvWPOnXFwHr85tVsSD6v5h0kYcsnXWMfd2gQX
XZyrFQhxgAHxkB/kju5NDsil3q2rCWoJ1V0Mu2lm8XLICFcNllT2lTe6YzEUzeXW
IXFJX+a7dsghgRe+Mf8R9fc5dlo/1gnvls4wLdUcM2ztkyLOBUzgAev0SmStI4na
rXYInsON2pb8KUaZnCy3QaZfUc/pf7BNSQ1pkHxDdXVtoWAShWNun88gFXYItD4T
27BmFQ7x0LokYqP2haqbG4BVb1Tes0weyIiYAap+8t/jNW9M7zp09DzJd4rV3wHx
ycXSrZRjYcsXLJ1j2DwJ3tzxFVrz4CNL4MqeG93wDAAg35Nv53SPgDTsKysd/a+g
CX4oUvv7ktrYiOZUqCfYJ+iAc26vQ5J5r+vP7xIohNXpBOesVMk=
=RFmZ
-----END PGP SIGNATURE-----

Attachment: pgpOYnlvzW_1K.pgp
Description: PGP signature

--- End Message ---