From 0fb1f3c9955d78fb0959842202b9ecfc36e37486 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 25 Nov 2025 01:14:33 +0000
Subject: [PATCH] upstream: move mention of default MaxStartups (which uses the

form.

GHPR568 from Santiago Vila

OpenBSD-Commit-ID: 7e68771f3cad61ec67303607afb3b85639288b29
---
 sshd_config.5 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index 6ae606f1e..1b01415cb 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.385 2025/10/04 21:41:35 naddy Exp $
-.Dd $Mdocdate: October 4 2025 $
+.\" $OpenBSD: sshd_config.5,v 1.386 2025/11/25 01:14:33 djm Exp $
+.Dd $Mdocdate: November 25 2025 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1366,11 +1366,11 @@ SSH daemon.
 Additional connections will be dropped until authentication succeeds or the
 .Cm LoginGraceTime
 expires for a connection.
-The default is 10:30:100.
 .Pp
 Alternatively, random early drop can be enabled by specifying
 the three colon separated values
 start:rate:full (e.g. "10:30:60").
+The default is 10:30:100.
 .Xr sshd 8
 will refuse connection attempts with a probability of rate/100 (30%)
 if there are currently start (10) unauthenticated connections.