7

I have my SSH client configured to multiplex my sessions:

Host *
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600

I'm occasionally bumping into the default OpenSSH server side MaxSessions limit of 10. The obvious answer is to increase MaxSessions to a number significantly larger than I'd ever need.

Is there a reason to not just set it to 1000000? The default of 10 suggests this is some reason not to.

All I can come up with is perhaps past 10 or so, busy connections might be less efficient, but seeing as the harm would be limited to myself, I'm not sure this is the reason.

Jakuje
  • 21,357
Alan De Smet
  • 183

3 Answers3

8

There is always a reason why to limit anything. The 10 is "sane default". The less is for more restrictive use cases (preventing shell access or allowing only single channel), bumping it to more can also make a sense, if you really know, you will be issuing millions of sessions. I rarely open more than 4.

To the question:

Is there a reason to not just set it to 1000000?

max_sessions variable has int type, so the maximum possible value is 2147483647. Nothing prevents you setting up your ideal million.

... but as already mentioned, there is no good reason to do that.

There is no significant security effect in using more sessions (once single session of attacker is opened, you are screwed), but there might be performance penalty when using more of them.

Jakuje
  • 21,357
  • I think you've best gotten at the essence of my question. I'm taking the reason for "10" to be "an abundance of caution," which would be the same reason to not set it to a million. Which isn't a bad reason at all. – Alan De Smet Dec 28 '16 at 23:24
4

Is there a reason to not just set it to 1000000?

Yes. Because if you run a script that accidentally keeps consuming ssh sessions, you risk DoSing your own server. Do you really want to run into a situation where other applications on the same server are not able to open files anymore? The number of open file descriptors is limited by /proc/sys/fs/file-max, and usually the default value is below 1M.

You should set it to the most you think would ever need plus a safety cushion, not to some arbitrarily huge value.

DepressedDaniel
  • 4,229
  • 1
    As best I can tell, OpenSSH's sshd imposes no default limit on the number of simultaneous, authenticated connections. So the system is only defended against a DoS from users who turned on a non-standard option. So for DoS protection, setting MaxSessions to 1000000 seems no worse than the default, non-multiplexed case. – Alan De Smet Dec 28 '16 at 22:50
  • @AlanDeSmet That is sort of right. Except a lot of scripts that would use more than one session really ought to be written to use connection multiplexing. And should such a script can get out of control it can eat resources a lot faster under connection multiplexing since it is very lightweight to add a multiplexed session vs authenticating from the start. – DepressedDaniel Dec 28 '16 at 22:55
0

Each SSH session uses resources. Some quick benchmarking says that a typical session uses one process ID, 500 kb of unshared memory, and seven file descriptors. All of these are limited resources, and if they get used up, your server will become unresponsive or unavailable.

Keep in mind that you are not the only one connecting to your server. There are a number of botnets out there scanning for inadequately-secured SSH servers, and they'll use up resources as well.

Mark
  • 4,244
  • If some random bothnet can open session on your server, you are screwed and you should secure your server better. This question is about connection multiplexing, which is happening after the authentication and is completely irrelevant in the case you are trying to explain (at least the second part of the answer). – Jakuje Dec 29 '16 at 09:19
  • @Jakuje, resources start getting used when the bot connects, before authentication. These resources come from the same shared pool as the resources used in connection multiplexing. – Mark Dec 29 '16 at 10:16
  • Yes, but 1) the unauthenticated connections (though not part of the question) are limited by MaxStatup option 2) It takes much less resources to create unauthenticated connection, than the session. – Jakuje Dec 29 '16 at 10:18