bugzilla-daemon at mindrot.org
2023-Sep-07 07:20 UTC
[Bug 3612] New: sshd_config configuration options: MaxAuthTries and MaxSessions
https://bugzilla.mindrot.org/show_bug.cgi?id=3612

            Bug ID: 3612
           Summary: sshd_config configuration options: MaxAuthTries and MaxSessions
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: ARM64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: maggiezhuooo at 163.com

1. changed MaxAuthTries to 7 (to allow for four password
verifications after none, publickey, and keyboard-interactive), but
it didn't work, I tried changing the option to a larger number, and
the password verification was still only three times.

2. change MaxSessions to 2, I hope at the same time, only two
sessions can connect to sshd, I connected a linux board on the
server, in the board's sshd_config configure the item to 2. through
the local computer ssh connection to the server, and then through
the ssh connection to the board (the board is assigned a local ip
address), I've opened three terminal windows, and I can still
connect to all of them.

How do I configure this to achieve my goal?
bugzilla-daemon at mindrot.org
2023-Sep-07 08:04 UTC
[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions
https://bugzilla.mindrot.org/show_bug.cgi?id=3612

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WORKSFORME

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
(In reply to maggiezhuooo from comment #0)
> 1. changed MaxAuthTries to 7 (to allow for four password
> verifications after none, publickey, and keyboard-interactive), but
> it didn't work, I tried changing the option to a larger number, and
> the password verification was still only three times.

MaxAuthTries controls the number of attempts the server allows, but
the client has its own limit: NumberOfPasswordPrompts. You'll need
to adjust that too if you want more password attempts.

> 2. change MaxSessions to 2, I hope at the same time, only two
> sessions can connect to sshd, I connected a linux board on the
> server, in the board's sshd_config configure the item to 2. through
> the local computer ssh connection to the server, and then through
> the ssh connection to the board (the board is assigned a local ip
> address), I've opened three terminal windows, and I can still
> connect to all of them.

That's not what MaxSessions does. From the sshd_config manual page:

> MaxSessions
>     Specifies the maximum number of open shell, login or subsystem
>     (e.g. sftp) sessions permitted *per network connection*.

This option doesn't control the total number of connections that can
be opened, but instead the number of sessions that can be
multiplexed over each connection (e.g. using ssh's ControlMaster
multiplexing).

To control the total number of active sessions you'd probably need
to look at pam_limits or similar. There is no option in sshd to do
this.
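
Added example (not part of the bug thread and not OpenSSH project code): a small Python check that reads effective settings in the "keyword value" form printed by `sshd -T` and `ssh -G host`, plus limits.conf-style text for pam_limits, and reports which knob bounds what. The function names, the sample dumps, the user, the host and the `@sshusers` group are constructed for illustration.

```python
# Documented OpenSSH defaults, used when a keyword is absent from the dump.
DEFAULTS = {"maxauthtries": 6, "maxsessions": 10, "numberofpasswordprompts": 3}

def parse_dump(text):
    """Parse 'keyword value' lines as printed by `sshd -T` or `ssh -G host`."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            out[parts[0].lower()] = parts[1].strip()
    return out

def login_caps(limits_text):
    """Return (domain, item, value) for maxlogins/maxsyslogins entries."""
    caps = []
    for line in limits_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4 and fields[2] in ("maxlogins", "maxsyslogins"):
            caps.append((fields[0], fields[2], int(fields[3])))
    return caps

def explain(sshd_dump, ssh_dump, limits_text):
    srv, cli = parse_dump(sshd_dump), parse_dump(ssh_dump)
    tries = int(srv.get("maxauthtries", DEFAULTS["maxauthtries"]))
    prompts = int(cli.get("numberofpasswordprompts",
                          DEFAULTS["numberofpasswordprompts"]))
    pam_on = srv.get("usepam", "no") == "yes"
    return {
        # Upper bound only: failed attempts with other methods on the same
        # connection also count against MaxAuthTries.
        "max_password_prompts": min(tries, prompts),
        # Sessions multiplexed over ONE connection; not a cap on connections.
        "sessions_per_connection": int(srv.get("maxsessions",
                                               DEFAULTS["maxsessions"])),
        # pam_limits is only consulted for sshd logins when UsePAM is enabled.
        "total_login_caps": login_caps(limits_text) if pam_on else [],
    }

# Constructed input mirroring the report: server raised to 7, client untouched.
SSHD_T = "maxauthtries 7\nmaxsessions 2\nusepam yes\n"
SSH_G = "user alice\nhostname board.example\n"
LIMITS = "# constructed entry\n@sshusers  hard  maxlogins  2\n"

if __name__ == "__main__":
    print(explain(SSHD_T, SSH_G, LIMITS))
```

With the constructed input the password-prompt bound stays at the client default even though the server allows 7, which matches the behaviour described in comment #0.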
bugzilla-daemon at mindrot.org
2023-Sep-07 10:50 UTC
[Bug 3612] sshd_config configuration options: MaxAuthTries and MaxSessions
https://bugzilla.mindrot.org/show_bug.cgi?id=3612

--- Comment #2 from maggiezhuooo at 163.com ---
(In reply to Damien Miller from comment #1)
> (In reply to maggiezhuooo from comment #0)
> > 1. changed MaxAuthTries to 7 (to allow for four password
> > verifications after none, publickey, and keyboard-interactive), but
> > it didn't work, I tried changing the option to a larger number, and
> > the password verification was still only three times.
>
> MaxAuthTries controls the number of attempts the server allows, but
> the client has its own limit: NumberOfPasswordPrompts. You'll need
> to adjust that too if you want more password attempts.
>
> > 2. change MaxSessions to 2, I hope at the same time, only two
> > sessions can connect to sshd, I connected a linux board on the
> > server, in the board's sshd_config configure the item to 2. through
> > the local computer ssh connection to the server, and then through
> > the ssh connection to the board (the board is assigned a local ip
> > address), I've opened three terminal windows, and I can still
> > connect to all of them.
>
> That's not what MaxSessions does. From the sshd_config manual page:
>
> > MaxSessions
> >     Specifies the maximum number of open shell, login or subsystem
> >     (e.g. sftp) sessions permitted *per network connection*.
>
> This option doesn't control the total number of connections that can
> be opened, but instead the number of sessions that can be
> multiplexed over each connection (e.g. using ssh's ControlMaster
> multiplexing).
>
> To control the total number of active sessions you'd probably need
> to look at pam_limits or similar. There is no option in sshd to do
> this.

Thanks for your reply!

For question 1: I want the server side to be able to adapt to any
configuration of the client but I can't control that configuration in
sshd, do I need to modify the code?

For question 2: If I want to control the total number of active
sessions, I need to modify the system login module, which is not
directly determined by sshd?