The intermittent "intrusion attack" blockages that prohibit site computers from accessing campus are due to a large number (>50 / min) of connection requests coming from an IP. One possible reason for the large number of requests is the rsync_to_campus script. Each rsync invocation acts on one file and establishes a unique SSH connection to the campus computer. SSH multiplexing could be used to avoid this. The script would first establish a session to campus, then use that session for all rsync operations. If doing this, care needs to be taken not to interrupt the established autossh sessions, as they do not play well with the SSH ControlPersist parameter. So, the rsync_to_campus SSH connection would either need to manually call ssh -M -S [path] -o "ControlPersist=10m" ..., or the autossh invocation will need to specifically not use ControlMaster. Either way, it needs care and should be thoroughly tested.
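A sketch of the first option, added here as an example and not taken from the existing rsync_to_campus script: one explicitly opened master connection on its own socket, reused by every per-file rsync, then closed. The host name, destination directory, socket path, file names and the DRY_RUN switch are assumptions; the dedicated socket path is what keeps the autossh sessions out of the picture.

```shell
#!/bin/sh
# Added example: one multiplexed SSH master shared by all rsync calls.
# Assumptions (not from the original script): host, destination directory,
# socket path, file names, and the DRY_RUN switch.
CAMPUS_HOST="${CAMPUS_HOST:-campus.example.edu}"   # placeholder host
DEST_DIR="${DEST_DIR:-/data/incoming}"             # placeholder path
# Dedicated socket, so sockets used by other sessions are never touched.
SOCK="${SOCK:-${HOME:-/tmp}/.ssh/rsync_to_campus.sock}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

open_master() {
    # -M: act as master, -S: explicit control socket,
    # -f -N: go to background without running a remote command.
    run ssh -M -S "$SOCK" -o ControlPersist=10m -f -N "$CAMPUS_HOST"
}

close_master() {
    # Ask the master to exit instead of waiting for ControlPersist to expire.
    run ssh -S "$SOCK" -O exit "$CAMPUS_HOST"
}

sync_files() {
    # Still one rsync per file, but each one rides the master's TCP
    # connection; ControlMaster=no keeps a client from becoming a master.
    for f in "$@"; do
        run rsync -a -e "ssh -S $SOCK -o ControlMaster=no" \
            "$f" "$CAMPUS_HOST:$DEST_DIR/" || return 1
    done
}

sync_all() {
    open_master || return 1
    rc=0
    sync_files "$@" || rc=$?
    close_master
    return "$rc"
}

# Constructed file names; with DRY_RUN=1 this only prints the commands.
sync_all site_a.dat site_b.dat site_c.dat
```

With DRY_RUN=0 the campus side sees a single new connection per script run, however many files are transferred.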