admin: Configurable rate-limiting

[shazow]

Right now rate limiting is hardcoded in a few places.

Would be nice to have an admin command to change the ratelimiting configuration of the server. Ideally we wouldn't have to expose fine-grained configurations for the io ratelimiting, perhaps it can be automagically extrapolated based on "number of messages"?

Something like /ratelimit 5 per 3s

The challenge is that the inputLimiter calibration was done iteratively and it will be hard to come up with a formula that will work in all cases. Perhaps a better option would be to simply toggle all of the rate limiting mechanics? Less useful for public servers, but desirable for private servers. Or maybe disable rate limiting for whitelist-enabled servers?

Off the top of my head, these sections would need to be updated:

ssh-chat/host.go

Line 182 in 4fe4374

ratelimit := rateio.NewSimpleLimiter(3, time.Second*3)

ssh-chat/sshd/net.go

Lines 31 to 34 in 5af617f

	if l.RateLimit != nil {
	// TODO: Configurable Limiter?
	conn = ReadLimitConn(conn, l.RateLimit())
	}

ssh-chat/sshd/ratelimit.go

Lines 42 to 53 in 5af617f

	// NewInputLimiter returns a rateio.Limiter with sensible defaults for
	// differentiating between humans typing and bots spamming.
	func NewInputLimiter() rateio.Limiter {
	grace := time.Second * 3
	return &inputLimiter{
	Amount: 2 << 14, // ~16kb, should be plenty for a high typing rate/copypasta/large key handshakes.
	Frequency: time.Minute * 1,
	readCap: 128, // Allow up to 128 bytes per read (anecdotally, 1 character = 52 bytes over ssh)
	numRead: -1024 * 1024, // Start with a 1mb grace
	timeRead: time.Now().Add(grace),
	}
	}

(Prompted by #363)

[aberfan]

Is there now a way to turn off the rate-limiting, given the merge of the feature is closed?

This chat is unusable with it; in a private conversation (only two people using the server) where pasting multi-sentence plaintext material, it kills it. It's hard to understand why this would ever exist on a private server; even on a public server, though, pasting multi-line sentences, vs constantly directing people to pastebin, is typical.

Or is there a specific intended audience of this that would warranted such a monstrously restrictive, unchangeable setting?

[shazow]

@aberfan the PR was incomplete, are you working on a more complete PR for this feature?

Please don't be rude. You're welcome to sponsor work on this project and you're welcome to contribute to this project.

ssh-chat was not designed to be a pastebin, it was designed to be a public chat room and it has been successfully operating as one for more than 6 years with hundreds of thousands of visitors and many denial of service attacks.

I understand that pasting a lot of text is desirable for private servers and I'm fine with adding a feature like this but there's work to be done for it. Are you volunteering to do this work, or are you demanding that I do it for you?

[aberfan]

I apologize if I come across as rude for it is not my intention to be.

I'm not sure I understand the situation of adding a feature. The issue is the server has a hard-coded limit on text. It may not be possible to explain it simply enough for a non-coder like me but it seems a matter of not doing something (rate limiting) rather than doing it? Isn't that the code above? Removing something, not adding?

It seems our usage model may be off; ssh-chat is absolutely perfect for people to use as a private, secure chat, so it's surprising to find an arbitrary and unchangeable limitation on its ability to fully function as one.

What prompted me to search for a way to disable the rate limit was having it reject a pasted corporate tweet I was discussing with my partner, after a long sentence prefacing it. That's hardly seems like an attempt to substitute its usage as a pastebin. Likewise, in common IRC (freenode), no limitations exist in private channels and queries. Is there a particular reason ssh-chat is more targeted by spammers and DDoS?

I understand it's functioned for 6 years with hundreds of thousands of people. Perhaps other people who find this restriction burdensome are able to just fork the code and comment it out instead of expecting the primary program be changed. For others who may also stumble on this issue, can you share the reason for this to be hard-coded instead of a configuration setting, so they don't waste your time asking as well?

Thank you for the program and your efforts.

[yhojann-cl]

ssh-chat was not designed to be a pastebin, it was designed to be a public chat room

But in many cases it is necessary not only to publish code but also to quote long messages. The option to only allow certain public keys makes sense when you need to use a private and non-public chat, I understand that the intention of ssh-chat has both intentions, that of being a public chat and also private.