I have a question related to sshd
's settings of MaxSessions
and MaxStartups
.
Suppose I have a host server that has sshd
settings as below.
MaxSessions 3,
MaxStartups 10,
LoginGraceTime 1m
And, currently 3 ssh sessions are established onto the host, and the sessions will not end for a while.
At that time, a new (4th) ssh connection is going to be made while there are already 3 ssh sessions are on going.
The 4th ssh connections uses key-authentication, and there is NOT any problem with the key-authentication.
After key-authentication of the 4th ssh connection succeeds, what will happen to the 4th connection? Is there any correct scenario as below? If so, what is it? If the answer is #3, can you tell me the right answer for me?
-
The 4th ssh connection will be disconnected from the host since there already exist ssh sessions at its maximum. Total number of ssh sessions established cannot be exceeded.
-
The 4th ssh connection will be on the wait-list since even though there are on going ssh session at maximum,
MaxStartup
does not exceed its maximum. The 4th ssh connection will wait until there is any disconnection of on going ssh sessions made from the host, and the 4th ssh connection cannot wait more than the time thatLoginGraceTime
set, 1 minute. -
Neither of the above.
Thanks.
Best Answer
I believe that neither of the two directives do what you think.
MaxSessions
:In this context "session" is not a connection, it's a virtual channel within one connection. In most cases you will never face this limit, as most clients cannot make use of multiple channels. Or if they are, it is in less used/known scenarios.
MaxStartups
:So the "startup" limit is evaluated even before any authentication is done.