diff -up openssh-5.8p2/servconf.c.max-startups openssh-5.8p2/servconf.c
--- openssh-5.8p2/servconf.c.max-startups 2013-02-08 16:54:23.003052391 +0100
+++ openssh-5.8p2/servconf.c 2013-02-08 16:54:23.021052316 +0100
@@ -262,11 +262,11 @@ fill_default_server_options(ServerOption
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->max_startups == -1)
- options->max_startups = 10;
+ options->max_startups = 100;
if (options->max_startups_rate == -1)
- options->max_startups_rate = 100; /* 100% */
+ options->max_startups_rate = 30; /* 30% */
if (options->max_startups_begin == -1)
- options->max_startups_begin = options->max_startups;
+ options->max_startups_begin = 10;
if (options->max_authtries == -1)
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
diff -up openssh-5.8p2/sshd_config.5.max-startups openssh-5.8p2/sshd_config.5
--- openssh-5.8p2/sshd_config.5.max-startups 2013-02-08 16:54:23.004052387 +0100
+++ openssh-5.8p2/sshd_config.5 2013-02-08 16:54:23.021052316 +0100
@@ -778,7 +778,7 @@ SSH daemon.
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
-The default is 10.
+The default is 10:30:100.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon separated values
diff -up openssh-5.8p2/sshd_config.max-startups openssh-5.8p2/sshd_config
--- openssh-5.8p2/sshd_config.max-startups 2013-02-08 16:54:23.017052333 +0100
+++ openssh-5.8p2/sshd_config 2013-02-08 16:54:23.021052316 +0100
@@ -122,7 +122,7 @@ X11Forwarding yes
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none