The purpose of load control is to help keep Tectia Server for IBM z/OS running when the load is high (that is, the number of current connections is near the maximum allowed number of connections). High load might be caused by a connection flood denial-of-service attack that tries to make the server unavailable to its intended users by using so much of its resources that normal service is disrupted.
Load control is implemented by keeping a "white list" of the IP addresses of connections that have had a successful authentication. When Tectia Server for IBM z/OS starts, the white list is empty. When the server's load is high, connections from IP addresses that are not on the white list (that is, connections that have not recently had a successful authentication) are discarded.
Load control uses four configuration variables in the
It is recommended to set
The level of load is measured by how near the number of the server's current connections is to MaxConnections, the maximum number of connections that the server will handle simultaneously.
The argument for MaxConnections is a positive number. The default value is
and the value 0 (zero) means that the number of connections is not limited.
must be greater than 1 when load control is used.
LoadControl.Active can have a value of
no. The default value is no (load control is disabled).
To enable load control, set
When the number of concurrent connections is greater than
connections from IP addresses that have not recently had a successful authentication are discarded.
When the number of concurrent connections is not greater than
connections are accepted from any IP address (subject to restrictions defined with
The allowed value range of LoadControl.DiscardLimit is from
The default value is 90 percent of the value of MaxConnections. If you have not defined any configuration settings (that is, only sshd2_config default values are used), the value of
Tectia Server for IBM z/OS keeps a list of the IP addresses of connections that have had a successful authentication.
This "white list" has space for a fixed number of unique IP addresses, specified by
The default value of LoadControl.WhitelistSize is 1000.
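The admission decision described above can be modelled to see how the settings interact under a connection flood. This is an added example, not Tectia's code; LoadControlModel and simulate_flood are hypothetical names and the addresses are constructed. It assumes the threshold in the "greater than" rule is LoadControl.DiscardLimit, that connections are counted before the new one is added, that connections at MaxConnections are refused, and that the oldest white-list entry is evicted when the list is full.

```python
from collections import OrderedDict

class LoadControlModel:
    """Simplified model of the load-control decision; not Tectia's implementation."""

    def __init__(self, max_connections, discard_limit=None, whitelist_size=1000):
        if max_connections <= 1:
            raise ValueError("MaxConnections must be greater than 1 with load control")
        self.max_connections = max_connections
        # Default is 90 percent of MaxConnections (integer rounding is an assumption).
        self.discard_limit = (max_connections * 90 // 100
                              if discard_limit is None else discard_limit)
        self.whitelist_size = whitelist_size
        self.whitelist = OrderedDict()  # empty when the server starts
        self.current = 0                # number of open connections

    def on_connect(self, ip):
        """Decide the fate of a new connection from ip."""
        if self.current >= self.max_connections:
            return "refuse"             # assumption: hard cap applies to everyone
        if self.current > self.discard_limit and ip not in self.whitelist:
            return "discard"            # high load and no recent successful auth
        self.current += 1
        return "accept"

    def on_auth_success(self, ip):
        """Record ip on the white list, evicting the oldest entry when full."""
        self.whitelist[ip] = True
        self.whitelist.move_to_end(ip)
        while len(self.whitelist) > self.whitelist_size:
            self.whitelist.popitem(last=False)  # assumption: oldest-first eviction

    def on_disconnect(self):
        self.current = max(0, self.current - 1)

def simulate_flood(flood_size=20):
    """Constructed scenario: one known user, then a flood of unauthenticated IPs."""
    srv = LoadControlModel(max_connections=10, discard_limit=5, whitelist_size=2)
    user = "192.0.2.10"                 # documentation-range address, constructed
    assert srv.on_connect(user) == "accept"
    srv.on_auth_success(user)
    srv.on_disconnect()
    flood = [srv.on_connect(f"198.51.100.{i}") for i in range(1, flood_size + 1)]
    return flood.count("accept"), flood.count("discard"), srv.on_connect(user)

if __name__ == "__main__":
    print(simulate_flood())
```

In this model the flood can occupy connections only up to the discard limit, and the gap between LoadControl.DiscardLimit and MaxConnections is the capacity held back for addresses on the white list.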