Multiple (multiplexed) simultaneous ssh connections - Cygwin bug?
Goldburt, Dan
Dan.Goldburt at dowjones.com
Fri Sep 8 05:55:29 EST 2006
Hello,
I need to make many (>50) ssh connections from linux to cygwin at the same time. Using Windows 2000 Server (OpenSSH_4.3p2, OpenSSL 0.9.8b and updated cygwin) and Linux RHEL4 (OpenSSH_3.9p1, OpenSSL 0.9.7a).
It's been difficult to optimize many simultaneous connections. Here were some issues:
1. On Windows XP/Professional, Microsoft intentionally cripples the TCP/IP stack. Official word (http://support.microsoft.com/kb/Q127144) is that the backlog queue limit on a listen socket is 5 (200 when Server), so you can't accept() more than 5 new connections concurrently.
2. Using a master connection that is shared, the sshd_config variable MaxStartups has no effect. This is because we are not opening lots of ssh connections, but are opening multiple sessions within a single connection. The parameter that needs to be changed is MAX_SESSIONS, which is hardcoded in sessions.c at 10. Request: add "MAX_SESSIONS" as a configuration parameter in sshd_config. (also, you should mention in INSTALL documentation that by default, compiled binaries are quite a bit larger than usual. Do you use strip -strip-debug?
Finally, I'm able to make many connections most of the time. But then, sshd errors:
fcntl(223, F_GETFL, 0): Bad file descriptor
and sometimes:
[sig] bash 3720 _cygtls::handle_threadlist_exception
and then loops spitting out "select: Bad file descriptor" and taking up 100% CPU. I have not done a stack trace or increased sshd debug output because the error comes up when about 100 connections are made, so it would be difficult to track down. If this isn't enough information to go on, I will post it.
Is this because on Cygwin, the "fd_set" arrays, used with select(), can contain file descriptors (FD) from 0 to 63 (the fd_set array is 8-byte long). On Linux, this is 0 to 1023? From: http://www.ipflow.utc.fr/blog/?p=34 and http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=105321853321894&w=3
I also found a post http://www.cygwin.com/ml/cygwin/2005-06/msg00511.html where Corinna said "Using a master/slave connection requires the ability to exchange file descriptors over AF_UNIX sockets. That's not possible in Cygwin." I assume this has been addressed with USE_PIPES, since I AM able to use multiplexed connections most of the time?
Lastly, if security is not the biggest concern, should I even use ssh? I just need to be able to execute many remote shell commands in a short interval and return the output.
Thanks,
Dan
More information about the openssh-unix-dev
mailing list