Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What is SSH max simultaneous connections with Red Hat 3.4.6-10 ??

Posted on 2011-03-23
19
Medium Priority
?
2,759 Views
Last Modified: 2013-12-15
Hello:

By default, we discovered that '60' was the max number of simultaneous TELNET connections supported on our Red Hat 3.4.6-10 system. We changed config to UNLIMITED recently...

By default, does Red Hat 3.4.6-10 max out the number of simultaneous SSH sessions?  If so, what is the max by default and where do I go to configure UNLIMITED simultaneous connections?

Thank you!
0
Comment
Question by:cjb123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 3
  • +1
19 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35202152
It has been a while since I used RHEL 3.

Please check if ssh was controlled by xinet

ls /etc/xinet*/ss*

0
 
LVL 31

Expert Comment

by:farzanj
ID: 35202170
Second place is the same old config file of ssh

ls /etc/ssh*/*con*

You need to check the value
MaxSessions
0
 

Author Comment

by:cjb123
ID: 35202250
Hi farzanj

I checked these two files for a MaxSessions config line but could not find any configuration line with that name.

/etc/ssh/ssh_config
and
/etc/ssh/sshd_config

Also checked /etc/init.d/sshd for that configuration label, but was not there.

Can you suggest another place I look?

Thank you.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 31

Expert Comment

by:farzanj
ID: 35202289
See my first comment.  I don't recall exactly whether Xinetd controlled ssh or not.  
There should be a file called ssh or sshd in /etc/xinet.d/

Check these values
instances     =
per_source  =  
0
 

Author Comment

by:cjb123
ID: 35203491
Sorry farzanj.  I'm trying but striking out...

the closest thing I've found is a file called sshd in /etc/init.d

no lines with instances = or per_source =

Any other suggestions for me?
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35203643
What is the version of you ssh

Issue the following

ssh -V
0
 

Author Comment

by:cjb123
ID: 35203772
Hi FarzaNJ
I'm running OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35203875
I tried many ways.

Now we can start looking at the logs and error messages.


So what is the problem.  Can you re-create the problem?

One way to do is the open many ssh connection.  Every time you have to use

ssh -vvv <server>

This would show the debugging messages.  Once we can get those, we would be in a far better position to determine what is happening.

Also try

netstat -antpu  | grep ssh


I want to see how many active ssh connections you have
0
 

Author Comment

by:cjb123
ID: 35206635
Hello Farzanj

Active simultaneous SSH connections is now 54.  We did open many instances past 60 connections with no problem.

Currently, we have no problem with SSH-- just wondering if there is a max limitation of simultaneous sessions as there was with TELNET.

I wonder if by default the behavior is to support UNLIMITED SSH connections?

0
 
LVL 31

Expert Comment

by:farzanj
ID: 35206883
There are a few locations in ssh set the connection limit/session limit but they are in the sshd_config file.  If you read your config files you should see it.

If you were telnet, yes, check those limits in /etc/xinetd.d/telnet

I remember, telnet for sure was controlled by xinetd.  If this happens again, get the error messages and also check the logs

tail -f /var/log/messages
tail -f /var/log/secure
0
 
LVL 18

Expert Comment

by:TobiasHolm
ID: 35345027
Hi!

There are a value (MaxStartups) to limit unauthenticated connections:

MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.

Ref: http://linux.die.net/man/5/sshd_config

Regards, Tobias
0
 

Author Comment

by:cjb123
ID: 35345306
Hi Tobias,
Thank you!  Good info to know.
In our sshd_config file, the  MaxStartups line is commented out (#).
Given that the line is commented out-- I wonder what default behavior is expected then?
Should I assume that since the line is commented out the default MaxStartups is UNLIMITED?

Thanks again.
0
 
LVL 18

Expert Comment

by:TobiasHolm
ID: 35345903
The default is 10 concurrent unauthenticated connections. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection.

Regards, Tobias
0
 

Author Comment

by:cjb123
ID: 35348346
Thank you. You are getting me closer.
Can I ask for this clarification:  Is there a limit to to the number of _Authenticated_  simultaneous SSH connections? If so, where is this limit defined?
0
 
LVL 18

Accepted Solution

by:
TobiasHolm earned 1000 total points
ID: 35348860
There are no restriction on the number of authenticated simultaneous SSH connections.

You could restrict the number of overall connections to sshd with a packet filter like Netfilter (iptables) using the connlimit extension.

# limit the number of parallel SSH requests to 16 per class C sized network (24 bit netmask)
iptables -p tcp --syn --dport 22 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

Open in new window

Regards, Tobias
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 35348919
There is no limit in the sshd itself on maximum number of auth connections. However You may hit some limit in the system itself(like number of PTY's or utmp user entries or inetd if sshd is started with inetd[not recommended]) - unlikely though.

Just now, I have a system (RHEL5 though) with 360 open ssh sessions.
0
 

Author Closing Comment

by:cjb123
ID: 35350993
Thank you!!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question