tweaking max sessions / scaling

Damien Miller djm at
Thu Sep 28 11:39:49 AEST 2017

On Wed, 27 Sep 2017, Mike Tancsa wrote:

> On 9/26/2017 9:07 PM, Peter Stuge wrote:
> > Mike Tancsa wrote:
> >> Without leaving the server at debug2 logging level, is there a way
> >> to find out if I am hitting application limits vs OS limits ?
> > 
> > If you run sshd under ktrace maybe you can spot resource limit errors
> > for relevant syscalls in the kdump output.
> Thanks! Although in this case, the measurement seems pretty resource
> intensive.  I increased the MaxSessions and as well as MaxStartups and I
> have the failure rate down to under 10 per day.  So it seems based on
> changing that, it is application limits ?
> I added
> MaxSessions 920

MaxSessions only really affects connection multiplexing - it's the limit
of how many multiplexed sessions a single connection can support.
Unless you're using multiplexing really heavily, this isn't likely to make
much of a difference.

> ClientAliveInterval 15 # get rid of procs sitting arround
> MaxStartups 30:50:500

MaxStartups limits sshd processes in the pre-authentication state. If
you're running lots of short-lived connections in parallel then you
might need to adjust this. Note that the setting you've got there will
deliberately drop 50% of new connections when more than 30 are in the
pre-auth state. Moreover 500 unauthenticated connections is a pretty
high number, I'd suggest you set MaxStartups=50:30:200


More information about the openssh-unix-dev mailing list