Solved

What is SSH max simultaneous connections with Red Hat 3.4.6-10 ??

Posted on 2011-03-23
19
2,494 Views
Last Modified: 2013-12-15
Hello:

By default, we discovered that '60' was the max number of simultaneous TELNET connections supported on our Red Hat 3.4.6-10 system. We changed config to UNLIMITED recently...

By default, does Red Hat 3.4.6-10 max out the number of simultaneous SSH sessions?  If so, what is the max by default and where do I go to configure UNLIMITED simultaneous connections?

Thank you!
0
Comment
Question by:cjb123
  • 7
  • 6
  • 3
  • +1
19 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35202152
It has been a while since I used RHEL 3.

Please check if ssh was controlled by xinet

ls /etc/xinet*/ss*

0
 
LVL 31

Expert Comment

by:farzanj
ID: 35202170
Second place is the same old config file of ssh

ls /etc/ssh*/*con*

You need to check the value
MaxSessions
0
 

Author Comment

by:cjb123
ID: 35202250
Hi farzanj

I checked these two files for a MaxSessions config line but could not find any configuration line with that name.

/etc/ssh/ssh_config
and
/etc/ssh/sshd_config

Also checked /etc/init.d/sshd for that configuration label, but was not there.

Can you suggest another place I look?

Thank you.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 31

Expert Comment

by:farzanj
ID: 35202289
See my first comment.  I don't recall exactly whether Xinetd controlled ssh or not.  
There should be a file called ssh or sshd in /etc/xinet.d/

Check these values
instances     =
per_source  =  
0
 

Author Comment

by:cjb123
ID: 35203491
Sorry farzanj.  I'm trying but striking out...

the closest thing I've found is a file called sshd in /etc/init.d

no lines with instances = or per_source =

Any other suggestions for me?
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35203643
What is the version of you ssh

Issue the following

ssh -V
0
 

Author Comment

by:cjb123
ID: 35203772
Hi FarzaNJ
I'm running OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35203875
I tried many ways.

Now we can start looking at the logs and error messages.


So what is the problem.  Can you re-create the problem?

One way to do is the open many ssh connection.  Every time you have to use

ssh -vvv <server>

This would show the debugging messages.  Once we can get those, we would be in a far better position to determine what is happening.

Also try

netstat -antpu  | grep ssh


I want to see how many active ssh connections you have
0
 

Author Comment

by:cjb123
ID: 35206635
Hello Farzanj

Active simultaneous SSH connections is now 54.  We did open many instances past 60 connections with no problem.

Currently, we have no problem with SSH-- just wondering if there is a max limitation of simultaneous sessions as there was with TELNET.

I wonder if by default the behavior is to support UNLIMITED SSH connections?

0
 
LVL 31

Expert Comment

by:farzanj
ID: 35206883
There are a few locations in ssh set the connection limit/session limit but they are in the sshd_config file.  If you read your config files you should see it.

If you were telnet, yes, check those limits in /etc/xinetd.d/telnet

I remember, telnet for sure was controlled by xinetd.  If this happens again, get the error messages and also check the logs

tail -f /var/log/messages
tail -f /var/log/secure
0
 
LVL 18

Expert Comment

by:TobiasHolm
ID: 35345027
Hi!

There are a value (MaxStartups) to limit unauthenticated connections:

MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.

Ref: http://linux.die.net/man/5/sshd_config

Regards, Tobias
0
 

Author Comment

by:cjb123
ID: 35345306
Hi Tobias,
Thank you!  Good info to know.
In our sshd_config file, the  MaxStartups line is commented out (#).
Given that the line is commented out-- I wonder what default behavior is expected then?
Should I assume that since the line is commented out the default MaxStartups is UNLIMITED?

Thanks again.
0
 
LVL 18

Expert Comment

by:TobiasHolm
ID: 35345903
The default is 10 concurrent unauthenticated connections. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection.

Regards, Tobias
0
 

Author Comment

by:cjb123
ID: 35348346
Thank you. You are getting me closer.
Can I ask for this clarification:  Is there a limit to to the number of _Authenticated_  simultaneous SSH connections? If so, where is this limit defined?
0
 
LVL 18

Accepted Solution

by:
TobiasHolm earned 250 total points
ID: 35348860
There are no restriction on the number of authenticated simultaneous SSH connections.

You could restrict the number of overall connections to sshd with a packet filter like Netfilter (iptables) using the connlimit extension.

# limit the number of parallel SSH requests to 16 per class C sized network (24 bit netmask)
iptables -p tcp --syn --dport 22 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

Open in new window

Regards, Tobias
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 35348919
There is no limit in the sshd itself on maximum number of auth connections. However You may hit some limit in the system itself(like number of PTY's or utmp user entries or inetd if sshd is started with inetd[not recommended]) - unlikely though.

Just now, I have a system (RHEL5 though) with 360 open ssh sessions.
0
 

Author Closing Comment

by:cjb123
ID: 35350993
Thank you!!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question