[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Sep 7 20:50:46 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3612
--- Comment #2 from maggiezhuooo at 163.com ---
(In reply to Damien Miller from comment #1)
> (In reply to maggiezhuooo from comment #0)
> > 1. changed MaxAuthTries to 7 (to allow for four password
> > verifications after none, publickey, and keyboard-interactive), but
> > it didn't work, I tried changing the option to a larger number, and
> > the password verification was still only three times.
>
> MaxAuthTries controls the number of attempts the server allows, but
> the client has its own limit: NumberOfPasswordPrompts. You'll need
> to adjust that too if you want more password attempts.
>
> > 2. change MaxSessions to 2, I hope at the same time, only two
> > sessions can connect to sshd, I connected a linux board on the
> > server, in the board's sshd_config configure the item to 2. through
> > the local computer ssh connection to the server, and then through
> > the ssh connection to the board (the board is assigned a local ip
> > address), I've opened three terminal windows, and I can still
> > connect to all of them.
>
> That's not what MaxSessions does. From the sshd_config manual page:
>
> > MaxSessions
> > Specifies the maximum number of open shell, login or subsystem
> > (e.g. sftp) sessions permitted *per network connection*.
>
> This option doesn't control the total number of connections that can
> be opened, but instead the number of sessions that can be
> multiplexed over a each connection (e.g. using ssh's ControlMaster
> multiplexing).
>
> To control the total number of active sessions you'd probably need
> to look at pam_limits or similar. There is no option in sshd to do
> this.
Thanks for your reply!
For question 1: I want the server side to be able to adapt to any
configuration of the client but I can't control that configuration in
sshd, do I need to modify the code?
For question 2:If I want to control the total number of active
sessions, I need to modify the system login module, which is not
directly determined by sshd?
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list