Акулов Алексей
2010-Dec-10 09:33 UTC
Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello! We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH). Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type: ???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */ ???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */ ???#define MAX_ALLOW_GROUPS ?????10000 ????/* Max # groups on allow list. */ ???#define MAX_DENY_GROUPS ????????10000 ????/* Max # groups on deny list. */ and configured with this additional options: # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ipv4-default --with-pam --without-4in6 --without-zlib-version-check # make # make install. After compiling and restarting service ssh (# service sshd condrestart) we had possibility to connect many parallel users to our server. Now we want to update a version of OpenSSH from openssh-4.4p1 to openssh-5.5p1 but have a problem with the maximum quantity of line "AllowUsers" in file "/etc/ssh/sshd_config" after such operations as we had done with openssh-4.4p1. # service sshd restart Stopping sshd: ?????????????????????????????????????????????????????????????????????????????????????????????????????[FAILED] Starting sshd: /etc/ssh/sshd_config line 622: too many allow users. ?????????????[FAILED] What we do incorrect? Thanks. With the best regards, Alex.
Damien Miller
2010-Dec-10 22:57 UTC
Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
On Fri, 10 Dec 2010, ?????? ??????? wrote:> Hello! > > We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH). > Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type: > #define MAX_ALLOW_USERS 10000 /* Max # users on allow list. */ > #define MAX_DENY_USERS 10000 /* Max # users on deny list. */ > #define MAX_ALLOW_GROUPS 10000 /* Max # groups on allow list. */ > #define MAX_DENY_GROUPS 10000 /* Max # groups on deny list. */Those definitions don't do what you think they do. They are the number of users that can appear in AllowUsers/DenyUsers/AllowGroups/DenyGroups statement and have no effect on the number of users that are allowed to concurrently log in. -d