Why not set OpenSSH's MaxSessions to 1000000?
There is always a reason why to limit anything. The 10
is "sane default". The less is for more restrictive use cases (preventing shell access or allowing only single channel), bumping it to more can also make a sense, if you really know, you will be issuing millions of sessions. I rarely open more than 4.
To the question:
Is there a reason to not just set it to 1000000?
max_sessions
variable has int
type, so the maximum possible value is 2147483647
. Nothing prevents you setting up your ideal million.
... but as already mentioned, there is no good reason to do that.
There is no significant security effect in using more sessions (once single session of attacker is opened, you are screwed), but there might be performance penalty when using more of them.
Is there a reason to not just set it to 1000000?
Yes. Because if you run a script that accidentally keeps consuming ssh sessions, you risk DoS
ing your own server. Do you really want to run into a situation where other applications on the same server are not able to open files anymore? The number of open file descriptors is limited by /proc/sys/fs/file-max
, and usually the default value is below 1M.
You should set it to the most you think would ever need plus a safety cushion, not to some arbitrarily huge value.