MaxDisplays configuration option

Nico Kadel-Garcia nkadel at gmail.com
Fri Jun 3 15:29:20 AEST 2016


On Wed, Jun 1, 2016 at 9:51 PM, AG <openssh at mzpqnxow.com> wrote:
> Hello,
>
> I manage OpenSSH on a dozen or so servers that act as gateways for a large
> amount of developers and system administrators. On these servers it is
> common for there to be more than 1000 active X11 forwards active at peak
> usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional
> ports due to a hard coded range check in channels.c that limits the port
> range that sshd will attempt to bind. Today this is set at 1000:

I think your development environment is insane, but that's your
problem, not mine.

> channels.c:152:#define MAX_DISPLAYS  1000
>
> I have made changes to OpenSSH portable that allow this setting to be
> configured via an option in sshd_config named MaxDisplays. If not
> explicitly set, it maintains the default value of 1000.

This would seem a sane approach. I do hope you'll also document the
change in the man page for sshd_config? I never have noticed
documentation for the "sshd -r" option, though it still seems to
exist. Options that are not documented..... are a long source of
confusion for many projects.

> It seems to me that this setting should be configurable by the user similar
> to how X11DisplayOffset is configurable. I've read the code carefully and
> am currently using this patch in my production environment without any
> issues. I don't see any reason this change would cause any issues for users
> that do not need to explicitly set it. I also don't envision this being a
> maintenance burden as it's a very simple feature.
>
> I'd appreciate this being considered for acceptance into OpenSSH.
>
> Also, I'm curious if this issue has ever come up before? Is it really that
> strange of a case?

From decades in the field, I'd say it's pretty weird. I've not
personally seen anything approaching that number of clients on a
single server in..... well, not since I worked with Multics back in
the 1980's. Dozens on a robust system, yes. One thousand?

> I understand that you don't utilize GitHub for development, but for
> convenience you can see the changes in a web browser:
>
> https://github.com/openssh/openssh-portable/pull/41
>
> I've attached the patch to this message as well.
>
> Thanks,
> Adam

>
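
The limit discussed in this thread, as an added example that is not OpenSSH code and not part of either message: a simplified model of searching display numbers from X11DisplayOffset up to the limit. It shows that the defaults leave 990 usable forwards rather than 1000, and that a configurable limit needs an upper bound because display N listens on TCP port 6000 + N. The function names and the validator are hypothetical, and a successful bind is simulated with an array instead of real sockets.

```c
#include <stdio.h>

#define X11_BASE_PORT          6000   /* X11 display N listens on TCP 6000 + N */
#define TCP_PORT_MAX           65535
#define DEFAULT_MAX_DISPLAYS   1000   /* MAX_DISPLAYS as quoted from channels.c */
#define DEFAULT_DISPLAY_OFFSET 10     /* sshd_config X11DisplayOffset default */

/* Hypothetical validator for a configurable limit: 0 if usable, -1 if not. */
int check_limits(int offset, int max_displays)
{
    if (offset < 0 || max_displays <= offset)
        return -1;                    /* empty search range */
    if (X11_BASE_PORT + (max_displays - 1) > TCP_PORT_MAX)
        return -1;                    /* last display would have no valid port */
    return 0;
}

/* Model of the search: first display in [offset, max_displays) that is
 * free, or -1 when the range is exhausted. busy[] is indexed by display. */
int pick_display(const unsigned char *busy, int offset, int max_displays)
{
    for (int d = offset; d < max_displays; d++)
        if (!busy[d])
            return d;
    return -1;
}

/* Number of forwards that succeed before the range runs out. */
int capacity(int offset, int max_displays)
{
    static unsigned char busy[TCP_PORT_MAX - X11_BASE_PORT + 1];
    int n = 0, d;

    if (check_limits(offset, max_displays) != 0)
        return -1;
    for (d = 0; d < max_displays; d++)
        busy[d] = 0;
    while ((d = pick_display(busy, offset, max_displays)) != -1) {
        busy[d] = 1;                  /* simulate a successful bind */
        n++;
    }
    return n;
}

int main(void)
{
    printf("defaults: %d\n", capacity(DEFAULT_DISPLAY_OFFSET, DEFAULT_MAX_DISPLAYS));
    printf("limit 4000: %d\n", capacity(DEFAULT_DISPLAY_OFFSET, 4000));
    return 0;
}
```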


More information about the openssh-unix-dev mailing list