tweaking max sessions / scaling
Damien Miller
djm at mindrot.org
Thu Sep 28 11:39:49 AEST 2017
On Wed, 27 Sep 2017, Mike Tancsa wrote:
> On 9/26/2017 9:07 PM, Peter Stuge wrote:
> > Mike Tancsa wrote:
> >> Without leaving the server at debug2 logging level, is there a way
> >> to find out if I am hitting application limits vs OS limits ?
> >
> > If you run sshd under ktrace maybe you can spot resource limit errors
> > for relevant syscalls in the kdump output.
>
> Thanks! Although in this case, the measurement seems pretty resource
> intensive. I increased the MaxSessions and as well as MaxStartups and I
> have the failure rate down to under 10 per day. So it seems based on
> changing that, it is application limits ?
>
> I added
>
> MaxSessions 920
MaxSessions only really affects connection multiplexing - it's the limit
of how many multiplexed sessions a single connection can support.
Unless you're using multiplexing really heavily, this isn't likely to make
much of a difference.
> ClientAliveInterval 15 # get rid of procs sitting arround
> MaxStartups 30:50:500
MaxStartups limits sshd processes in the pre-authentication state. If
you're running lots of short-lived connections in parallel then you
might need to adjust this. Note that the setting you've got there will
deliberately drop 50% of new connections when more than 30 are in the
pre-auth state. Moreover 500 unauthenticated connections is a pretty
high number, I'd suggest you set MaxStartups=50:30:200
-d
More information about the openssh-unix-dev
mailing list