similar to: [Bug 3832] New: [PATCH] typo: MaxStartups instead of Maxstartups

I have a system where 4 or 5 times now it has locked out new ssh connections. It appears as if MaxStartups is not re-allowing connections when the number of unauthenticated connections drops. Instead, 100% rejection until sshd is restarted. The client (even "ssh localhost") gets one of: kex_exchange_identification: Connection closed by remote host kex_exchange_identification:

https://bugzilla.mindrot.org/show_bug.cgi?id=3055 Bug ID: 3055 Summary: Need some high-probability logging re MaxStartups Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

I would like some clarification regarding the use of MaxStartups. I have always used the three colon separated value that enables the random drop capabilities, but the documentation for sshd says that MaxStartups can also take a single value which sets a max and leaves random drops off. When I try this, sshd tells me that it got an illegal integer. Looking at the code, in servconf.c it looks

https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Bug ID: 2613 Summary: Log connections dropped when MaxStartups is reached Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs

Hello, What is the effect of MaxStartups in the configuration file sshd_config? How this keyword effects the working of sshd? regards Kumaresh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020613/8306c832/attachment.html

I haven't seen this behaviour and can't replicate it manually using OpenSSH 10.0. I think debugging this will require a log trace with LogLevel=debug3 if you can manage it. On Wed, 16 Apr 2025, Mark Hills wrote: > I have a system where 4 or 5 times now it has locked out new ssh > connections. > > It appears as if MaxStartups is not re-allowing connections when the >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [!! i've Cc'ed several fs lists, please remove when when replying !!] hi all, from time to time i do some benchmarks for several filesystems and several crypto-algorithms too, details here: http://nerdbynature.de/bench/ latest results here: http://nerdbynature.de/bench/prinz/2.6.12-rc3-mm2/bonnie.html

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, after upgrading to samba 3.0.8 (debian/unstable, i386) i too encounter similar problems as reported here: http://lists.samba.org/archive/samba/2004-November/095567.html upon logoff from a win2k(sp4) client, the profile cannot be saved and the samba logfile from the client (prinz) gives: [2004/11/26 17:57:06, 2]

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

--- sshd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sshd.c b/sshd.c index dda8d9b77..cbdced5db 100644 --- a/sshd.c +++ b/sshd.c @@ -1533,6 +1533,8 @@ main(int ac, char **av) } else { do_log2(ll, "Unable to load host key: %s", options.host_key_files[i]); + sshkey_free(pubkey); + pubkey = NULL; sensitive_data.host_keys[i] = NULL;

Apologies for the wide alias, but as it may interest serveral fs groups, here it is: In the everlasting search for the best fs for my shiny new disks, I was interested in some numbers, here're the results: http://nerdbynature.de/bench/amd64/2.6.19-rc5-git4/test-3/dm-crypt-3.html details: http://nerdbynature.de/wp/?cat=4 (in short: ext3 pretty fast in all operations. then again, the numbers

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 [cc'ing 4 mailing lists, please reply to *one* list only!] hi, every now and then i'm running some benchmarks on filesystems i really use...here are the results: http://nerdbynature.de/bench/prinz64/2.6.14-rc2-mm2/bonnie.html http://nerdbynature.de/bench/prinz64/2.6.14-rc2-mm2/ may it be of some help.... thanks, Christian. PS:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [cc'ing 4 mailing lists, please reply to *one* list only!] hi, i was about to set up a new fs for my desktop machine and i could not decide which fs it should be. i've written a wrapper script for some benchmarks before, but it was not really good. i tried to rewrite it and so, here are the results: http://nerdbynature.de/bench/

https://bugzilla.mindrot.org/show_bug.cgi?id=1937 Christian Kujau <mindrot at nerdbynature.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at nerdbynature.de -- You are receiving this mail because: You are watching the assignee of the

Hi, We serve a fairly substantial number[1] of ssh connections across our fleet.? We have hit MaxStartups limits in the past and bumped it up a few times (currently at 300), but we have no warning before the limit is reached and connections start being dropped.? What I would love is some sort of instrumentation that could let us see the highest number of concurrent pre-auth connections the

I've had the chance to use a testsystem here and couldn't resist running a few benchmark programs on them: bonnie++, tiobench, dbench and a few generic ones (cp/rm/tar/etc...) on ext{234}, btrfs, jfs, ufs, xfs, zfs. All with standard mkfs/mount options and +noatime for all of them. Here are the results, no graphs - sorry: http://nerdbynature.de/benchmarks/v40z/2009-12-22/ Reiserfs

I've had the chance to use a testsystem here and couldn't resist running a few benchmark programs on them: bonnie++, tiobench, dbench and a few generic ones (cp/rm/tar/etc...) on ext{234}, btrfs, jfs, ufs, xfs, zfs. All with standard mkfs/mount options and +noatime for all of them. Here are the results, no graphs - sorry: http://nerdbynature.de/benchmarks/v40z/2009-12-22/ Reiserfs

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The patch below (against openssh 3.2.3p1) adds a CheckMaxStartups option, defaulting to yes, to determine whether sshd calls drop_connection(). The motivation behind this is twofold. In our environment, our timesharing machines get enough incoming connections that will trigger spuriously with the default value (10 forked unauthenticated connections) as well as some significantly higher values,