35

I have the following entry in my .ssh/config file

Host AAA
    User BBB
    HostName CCC
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p

The above allows me to multiplex multiple ssh sessions through the same ssh connection without having to type in the password every time I need a new session (as long as the master connection remains open).

However, I have noticed that once I have a relatively high # of connections multiplexed (~7), I can't add more sessions to the same multiplexed connection, and I start getting the following error:

> ssh -X AAA

mux_client_request_session: session request failed: Session open refused by peer
Password: 

My questions:

Why am I getting this error? Is there a limit in the # of ssh sessions I can multiplex in the same connection? Can I change that limit? Would that be a bad idea?

  • 3
    I can't answer the questions directly, but can offer some suggestions on tracking down the problem.

    Since the peer refused the connection, I'd start by looking at the logs on the system you are connecting to. See if sshd gives any errors. If not, increase the LogLevel and try again.

    If you find a log message that isn't immediately obvious and searching for the phrase doesn't help, you can use grep on the source code. Error messages are frequently surrounded by sets of conditions - one (or some) of them weren't met, and that's why this message came up.

    – Shawn J. Goff Oct 20 '11 at 03:03

2 Answers

36

The sshd daemon on the server is limiting the number of sessions per network connection. This is controlled by the MaxSessions option in /etc/ssh/sshd_config. Also, the MaxStartups option may need to be increased if you use a large number of sessions. (See man sshd_config for more details.) The option to modify the MaxSessions limit was introduced in OpenSSH 5.1, and it looks like the number was previously hard-fixed at 10. If you exceed MaxSessions on the server, you'll see sshd[####]: error: no more sessions in the server's log.

ScottW
4

I ran into this issue on a server with an earlier version of OpenSSH. I control the server, and I solved the problem by creating two CNAMEs in my named configuration:

realhost.myexample.com.      IN  A       XXX.XXX.XXX.XXX
realhost2.myexample.com.     IN  CNAME   realhost.myexample.com.
realhost3.myexample.com.     IN  CNAME   realhost.myexample.com.

Then, in my local ssh client config:

ControlMaster auto
ControlPath ~/.ssh/%r_%p_%h

host realhost
hostname realhost.myexample.com

host realhost2
hostname realhost2.myexample.com

host realhost3
hostname realhost3.myexample.com

The ControlPath statement is so the control socket names don't step on each other.

That's it, but to make it easy to manage, I wrote a wrapper script for 'ssh' on the client side. It understands that there are 'groups' of hosts (in this case realhost, realhost1, realhost2 comprise one group). When issuing 'sshwrapper realhost', if there are no open channels, all three are opened, and one session is begun. Next time it's run, it counts open connections per channel, and opens the new session in the channel with the fewest connections.

With one real, and two 'fake' hosts, I can connect 30 times before receiving an error. Logging in is extremely fast, except the initial time takes a second or two, as all three control channels are opened at that time.

joe
  • The script sounds like a real timesaver and it would be really useful. If you still have it, would you mind sharing it with the public? – thefourtheye Sep 07 '19 at 05:45
  • I'm not sure it's appropriate here, since it's not the answer to a question. Also, I just wrote it for myself, and it runs on a Mac client (to log in to my Linux servers). The code parses 'ps' output, and would need to be changed to run on Linux, because of different 'ps' syntax. – joe Sep 07 '19 at 09:42
  • Fair enough. Thanks for sharing the general idea though. – thefourtheye Sep 11 '19 at 07:37
  • I've placed the script at moosiefinance.com:8081/sshm.zip. – joe Sep 11 '19 at 18:10
  • 1
    Awesome... Thanks a lot... Let me go through that – thefourtheye Sep 19 '19 at 09:42
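
The selection step described in the second answer (count sessions per control channel, open the new one on the channel with the fewest), as an added example; it is not joe's script and not code from this page. It assumes masters are started session-less with "ssh -M -N -f ALIAS", that the alias is the last argument of each ssh command line, and that the limit passed in equals the server's MaxSessions; the function names and sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not joe's script): pick the least-loaded alias in a host group.
# Assumptions: masters are started session-less as "ssh -M -N -f ALIAS"; every
# other "ssh ... ALIAS" process is one multiplexed session; the alias is the
# last argument on the command line.

# count_sessions ALIAS: reads "ps -o args=" style lines on stdin.
count_sessions() {
    awk -v a="$1" '
        $1 ~ /(^|\/)ssh$/ && $NF == a {
            master = 0
            for (i = 2; i < NF; i++) if ($i == "-N") master = 1
            if (!master) n++
        }
        END { print n + 0 }'
}

# pick_alias LIMIT ALIAS...: reads the same lines on stdin, prints the alias
# with the fewest sessions (first wins on a tie). Returns 1 when every alias
# already carries LIMIT sessions, i.e. the server would refuse another one.
pick_alias() {
    limit=$1; shift
    ps_lines=$(cat)
    best=""; best_n=$limit
    for alias_name in "$@"; do
        n=$(printf '%s\n' "$ps_lines" | count_sessions "$alias_name")
        if [ "$n" -lt "$best_n" ]; then best=$alias_name; best_n=$n; fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Constructed sample input: three masters, five sessions, one unrelated process.
SAMPLE_PS='ssh -M -N -f realhost
ssh -M -N -f realhost2
ssh -M -N -f realhost3
ssh realhost
ssh -X realhost
/usr/bin/ssh realhost2
ssh -X realhost3
ssh realhost3
vim notes-about-realhost2'

# Live use: ssh "$(ps -u "$USER" -o args= | pick_alias 10 realhost realhost2 realhost3)"
printf '%s\n' "$SAMPLE_PS" | pick_alias 10 realhost realhost2 realhost3
```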