[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 7 18:04:29 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3612

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WORKSFORME

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
(In reply to maggiezhuooo from comment #0)
> 1. changed MaxAuthTries to 7 (to allow for four password
> verifications after none, publickey, and keyboard-interactive), but
> it didn't work, I tried changing the option to a larger number, and
> the password verification was still only three times.

MaxAuthTries controls the number of attempts the server allows, but the
client has its own limit: NumberOfPasswordPrompts. You'll need to
adjust that too if you want more password attempts.

>     2. change MaxSessions to 2, I hope at the same time, only two
> sessions can connect to sshd, I connected a linux board on the
> server, in the board's sshd_config configure the item to 2. through
> the local computer ssh connection to the server, and then through
> the ssh connection to the board (the board is assigned a local ip
> address), I've opened three terminal windows, and I can still
> connect to all of them.

That's not what MaxSessions does. From the sshd_config manual page:

>   MaxSessions
>        Specifies the maximum number of open shell, login or subsystem
>        (e.g. sftp) sessions permitted *per network connection*.

This option doesn't control the total number of connections that can be
opened, but instead the number of sessions that can be multiplexed over
each connection (e.g. using ssh's ControlMaster multiplexing).

To control the total number of active sessions you'd probably need to
look at pam_limits or similar. There is no option in sshd to do this.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
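
The interaction between MaxAuthTries and NumberOfPasswordPrompts described in the comment above, as an added example that is not part of the original bug report or of OpenSSH. It uses a simplified model: the server stops after MaxAuthTries failed attempts per connection, the client stops after NumberOfPasswordPrompts prompts, and `failures_before_password` is a hypothetical input supplied by the caller. Host/Match blocks are not evaluated; `sshd -T` and `ssh -G` print the real effective values.

```python
# Added example (not OpenSSH code): why raising MaxAuthTries alone leaves
# the number of password prompts unchanged.

# Defaults documented in sshd_config(5) and ssh_config(5).
DEFAULTS = {"maxauthtries": 6, "numberofpasswordprompts": 3}


def first_value(config_text, keyword):
    """Return the first integer value set for keyword, or its default.

    Simplification: Host/Match blocks are not evaluated, so pass only the
    global part of a file. Keywords are case-insensitive, '#' starts a
    comment line, and 'Keyword value' and 'Keyword=value' are both accepted.
    """
    wanted = keyword.lower()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == wanted:
            return int(parts[1])  # the first obtained value wins
    return DEFAULTS[wanted]


def password_prompts(sshd_config, ssh_config, failures_before_password=0):
    """Password prompts a user gets on one connection (simplified model).

    failures_before_password is a hypothetical input: failed attempts with
    other methods that the server already counted on this connection.
    """
    server_left = first_value(sshd_config, "MaxAuthTries") - failures_before_password
    client_limit = first_value(ssh_config, "NumberOfPasswordPrompts")
    return max(0, min(server_left, client_limit))


# Constructed sample configs mirroring the report above.
SSHD = "# server side\nMaxAuthTries 7\n"
SSH_DEFAULT = ""                             # client left at its default of 3
SSH_RAISED = "NumberOfPasswordPrompts=4\n"   # client limit raised as well

if __name__ == "__main__":
    # Server would allow 4 more attempts, but the client only asks 3 times.
    print(password_prompts(SSHD, SSH_DEFAULT, failures_before_password=3))
    # With the client limit raised too, all 4 attempts are used.
    print(password_prompts(SSHD, SSH_RAISED, failures_before_password=3))
```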