Denial of service protection for NETCONF

Hello,

Does the NETCONF interface and/or the built-in SSH server include any controls to prevent denial of service attacks (e.g., rate-limiting SSH connection attempts and/or login attempts)?

Best Regards,
Matt

See Erlang -- ssh

parallel_login

  • If set to false (the default value), only one login is handled at a time. If set to true, an unlimited number of login attempts are allowed simultaneously.

  • If the max_sessions option is set to N and parallel_login is set to true, the maximum number of simultaneous login attempts at any time is limited to N-K, where K is the number of authenticated connections present at this daemon.

Warning - Do not enable parallel_logins without protecting the server by other means, for example, by the max_sessions option or a firewall configuration. If set to true, there is no protection against DOS attacks.

The above configurables are in confd.conf:

/confdConfig/ssh/parallelLogin (boolean) [false]
           By default parallel logins are disabled and will block more than one password authenticated session
           from seeing the password prompt. If enabled, then up to maxSessions minus active authenticated
           sessions will be shown password prompts.

and the maxSessions config under

/confdConfig/sessionLimits
           Parameters for limiting concurrent access to ConfD.

Best regards
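To make the relationship between the two settings concrete, here is a confd.conf fragment added as an illustration (it is not from the original post or from the ConfD documentation). It shows the exposed configuration the Erlang warning refers to next to the bounded one, using the two paths named above, /confdConfig/ssh/parallelLogin and /confdConfig/sessionLimits/maxSessions. The namespace URI and the value 10 are assumptions for the example; check them against the confd.conf man page of your release.

```xml
<!-- Added example, not from the original post. Namespace and the value 10 are assumed. -->
<confdConfig xmlns="http://tail-f.com/ns/confd_cfg/1.0">

  <!-- EXPOSED: parallel logins enabled with no session cap.
       Per the Erlang ssh documentation quoted above, an unlimited number of
       unauthenticated login attempts can then be held open at once, so a
       client that opens connections and never completes authentication can
       exhaust the daemon. -->
  <!--
  <ssh>
    <parallelLogin>true</parallelLogin>
  </ssh>
  -->

  <!-- BOUNDED: either keep the default (one login handled at a time) ... -->
  <ssh>
    <parallelLogin>false</parallelLogin>
  </ssh>

  <!-- ... or, if parallel logins are needed, cap total sessions so that at
       most (maxSessions - currently authenticated sessions) password prompts
       are outstanding at any time.  With maxSessions = 10 and 7 authenticated
       sessions, only 3 unauthenticated login attempts are admitted. -->
  <sessionLimits>
    <maxSessions>10</maxSessions>
  </sessionLimits>

</confdConfig>
```

Note that maxSessions bounds how many sessions exist at once, not how fast they may be attempted; it does not by itself rate-limit connection or password attempts. For the per-source rate limiting Matt asks about, the Erlang documentation's own suggestion applies: put a firewall rule in front of the NETCONF/SSH port, since ConfD's SSH settings described here limit concurrency rather than attempt rate.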