Limits of SSH multiplexing

The sshd daemon on the server is limiting the number of sessions per network connection. This is controlled by the MaxSessions option in /etc/ssh/sshd_config. The MaxStartups option may also need to be increased if you use a large number of sessions. (See man sshd_config for more details.) The option to modify the MaxSessions limit was introduced in OpenSSH 5.1, and it looks like the number was previously hard-fixed at 10. If you exceed MaxSessions on the server, you'll see "sshd[####]: error: no more sessions" in the server's log.


I ran into this issue on a server with an earlier version of OpenSSH. I control the server, and I solved the problem by creating two CNAMEs in my named configuration:

realhost.myexample.com.      IN  A       XXX.XXX.XXX.XXX
realhost2.myexample.com.     IN  CNAME   realhost.myexample.com.
realhost3.myexample.com.     IN  CNAME   realhost.myexample.com.

Then, in my local ssh client config:

ControlMaster auto
ControlPath ~/.ssh/%r_%p_%h

host realhost
hostname realhost.myexample.com

host realhost2
hostname realhost2.myexample.com

host realhost3
hostname realhost3.myexample.com

The ControlPath statement is so the control socket names don't step on each other.

That's it, but to make it easy to manage, I wrote a wrapper script for 'ssh' on the client side. It understands that there are 'groups' of hosts (in this case realhost, realhost1, realhost2 comprise one group). When issuing 'sshwrapper realhost', if there are no open channels, all three are opened, and one session is begun. Next time it's run, it counts open connections per channel, and opens the new session in the channel with the fewest connections.

With one real, and two 'fake' hosts, I can connect 30 times before receiving an error. Logging in is extremely fast, except the initial time takes a second or two, as all three control channels are opened at that time.
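The selection step of such a wrapper, as an added example that is not the poster's script: it counts the user's running ssh clients per alias and picks the alias with the fewest sessions that is still under the per-connection limit of 10 mentioned above. Assumptions: sessions are started as `ssh [options] <alias>`, control masters are opened with `-N` (so they carry no session), the group is passed as arguments, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names): least-loaded alias selection for a
# group of ssh aliases that all resolve to the same server.
MAX_SESSIONS=10   # sessions allowed per connection (sshd MaxSessions)

# count_sessions ALIAS: read "ps -o args=" style lines on stdin and count
# ssh clients whose final argument is ALIAS. Clients started with -N
# (control masters without a session) are skipped.
count_sessions() {
    awk -v a="$1" '$1 ~ /(^|\/)ssh$/ && $NF == a {
        for (i = 2; i < NF; i++)
            if ($i ~ /^-[A-Za-z]*N/) next
        n++
    }
    END { print n + 0 }'
}

# group_load ALIAS...: read ps output on stdin, print "alias count" lines.
group_load() {
    ps_out=$(cat)
    for a in "$@"; do
        printf '%s %s\n' "$a" "$(printf '%s\n' "$ps_out" | count_sessions "$a")"
    done
}

# pick_alias: read "alias count" lines, print the alias with the fewest
# sessions that is still below MAX_SESSIONS. Returns 1 if every alias is
# full, so the caller can refuse instead of hitting "no more sessions".
pick_alias() {
    awk -v max="$MAX_SESSIONS" '
        $2 + 0 < max + 0 && (best == "" || $2 + 0 < min) { best = $1; min = $2 + 0 }
        END { if (best == "") exit 1; print best }'
}

# Stand-alone use: sshwrapper realhost realhost2 realhost3
if [ "$#" -gt 0 ]; then
    target=$(ps -u "$(id -u)" -o args= | group_load "$@" | pick_alias) || {
        echo "every connection in this group is at MaxSessions" >&2
        exit 1
    }
    exec ssh "$target"
fi
```

Refusing locally when every alias is full keeps the "no more sessions" error out of the server's log, which makes genuine occurrences of that message easier to notice.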
