[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Sep 7 18:04:29 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3612
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Resolution|--- |WORKSFORME
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
(In reply to maggiezhuooo from comment #0)
> 1. changed MaxAuthTries to 7 (to allow for four password
> verifications after none, publickey, and keyboard-interactive), but
> it didn't work, I tried changing the option to a larger number, and
> the password verification was still only three times.
MaxAuthTries controls the number of attempts the server allows, but the
client has its own limit: NumberOfPasswordPrompts. You'll need to
adjust that too if you want more password attempts.
> 2. change MaxSessions to 2, I hope at the same time, only two
> sessions can connect to sshd, I connected a linux board on the
> server, in the board's sshd_config configure the item to 2. through
> the local computer ssh connection to the server, and then through
> the ssh connection to the board (the board is assigned a local ip
> address), I've opened three terminal windows, and I can still
> connect to all of them.
That's not what MaxSessions does. From the sshd_config manual page:
> MaxSessions
> Specifies the maximum number of open shell, login or subsystem
> (e.g. sftp) sessions permitted *per network connection*.
This option doesn't control the total number of connections that can be
opened, but instead the number of sessions that can be multiplexed over
a each connection (e.g. using ssh's ControlMaster multiplexing).
To control the total number of active sessions you'd probably need to
look at pam_limits or similar. There is no option in sshd to do this.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list