[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 7 20:50:46 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3612

--- Comment #2 from maggiezhuooo at 163.com ---
(In reply to Damien Miller from comment #1)
> (In reply to maggiezhuooo from comment #0)
> > 1. changed MaxAuthTries to 7 (to allow for four password
> > verifications after none, publickey, and keyboard-interactive), but
> > it didn't work, I tried changing the option to a larger number, and
> > the password verification was still only three times.
> 
> MaxAuthTries controls the number of attempts the server allows, but
> the client has its own limit: NumberOfPasswordPrompts. You'll need
> to adjust that too if you want more password attempts.
> 
> >     2. change MaxSessions to 2, I hope at the same time, only two
> > sessions can connect to sshd, I connected a linux board on the
> > server, in the board's sshd_config configure the item to 2. through
> > the local computer ssh connection to the server, and then through
> > the ssh connection to the board (the board is assigned a local ip
> > address), I've opened three terminal windows, and I can still
> > connect to all of them.
> 
> That's not what MaxSessions does. From the sshd_config manual page:
> 
> >   MaxSessions
> >        Specifies the maximum number of open shell, login or subsystem
> >        (e.g. sftp) sessions permitted *per network connection*.
> 
> This option doesn't control the total number of connections that can
> be opened, but instead the number of sessions that can be
> multiplexed over a each connection (e.g. using ssh's ControlMaster
> multiplexing).
> 
> To control the total number of active sessions you'd probably need
> to look at pam_limits or similar. There is no option in sshd to do
> this.

Thanks for your reply!
    For question 1: I want the server side to be able to adapt to any
configuration of the client but I can't control that configuration in
sshd, do I need to modify the code? 
    For question 2:If I want to control the total number of active
sessions, I need to modify the system login module, which is not
directly determined by sshd?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list