Score:0

Limit SSH max connections


I have a server (Ubuntu 20.04) and need to limit the maximum number of active SSH sessions (to decrease CPU usage). I have added this

myuser   hard   maxlogins   1 

to /etc/security/limits.conf

But it doesn't work! How can I limit this?

Thanks.

SSH connections do not require an appreciable amount of system resources. How does this reduce your server load? Are you sure this is the correct solution?
Score:1

Very much inspired by this article:

Open the file /etc/ssh/sshd_config in any text editor:

sudo nano /etc/ssh/sshd_config

Find the MaxStartups option and set the value to the maximum simultaneous connections to allow:

MaxStartups 1

From Manpage:

MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the three colon separated values "start:rate:full" (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of "rate/100" (30%) if there are currently "start" (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches "full" (60).

Find the MaxSessions option and set the value to the maximum simultaneous sessions to allow:

MaxSessions 1

From Manpage:

MaxSessions
Specifies the maximum number of open sessions permitted per network connection. The default is 10.

Restart the ssh service (or its alias sshd):

sudo systemctl restart ssh

This will allow one single connection attempt, as well as a single active session.

However, as stated, it's questionable what effect this will have on CPU consumption.

Isn't it the daemon that needs restarting, sshd?
Artur Meinild
@pbhj `ssh` and `sshd` are the same service - it has an alias: `Alias=sshd.service`.
mastering
Thanks a lot. How can I limit this for just one user?
Artur Meinild
Your own solution with `/etc/security/limits.conf` should be the way to do it per user. I have no clue why that doesn't work for you.
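
The random early drop rule quoted from the manpage in the answer above, worked through as an added example (not part of the original thread): it reads the effective `MaxStartups` value from `sshd -T`-style output and computes the percentage of new connection attempts refused at a given number of unauthenticated connections. The sample settings and the function names `sshd_setting` and `maxstartups_refusal_pct` are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the thread. The sample settings are constructed.

# sshd_setting KEY: read `sshd -T`-style lines ("keyword value") on stdin
# and print the value of KEY (sshd -T prints keywords in lower case).
sshd_setting() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }'
}

# maxstartups_refusal_pct VALUE COUNT
#   VALUE is "N" or "start:rate:full"; COUNT is the current number of
#   unauthenticated connections. Prints the integer percentage of new
#   connection attempts that sshd refuses at that point.
maxstartups_refusal_pct() {
    value=$1; count=$2
    case $value in
        *:*:*) start=${value%%:*}; rest=${value#*:}
               rate=${rest%%:*}; full=${rest#*:} ;;
        *)     start=$value; rate=100; full=$value ;;  # plain N: hard limit
    esac
    for n in "$start" "$rate" "$full" "$count"; do
        case $n in ''|*[!0-9]*) echo "invalid value: $n" >&2; return 2 ;; esac
    done
    if [ "$count" -lt "$start" ]; then echo 0; return 0; fi
    if [ "$count" -ge "$full" ] || [ "$rate" -ge 100 ]; then echo 100; return 0; fi
    # Linear ramp from rate% at "start" up to 100% at "full".
    echo $(( rate + (100 - rate) * (count - start) / (full - start) ))
}

# Constructed sample in the format printed by `sudo sshd -T`.
SAMPLE='port 22
maxstartups 10:30:60
maxsessions 1'

demo() {
    ms=$(printf '%s\n' "$SAMPLE" | sshd_setting maxstartups)
    for c in 0 9 10 35 59 60; do
        printf 'MaxStartups %s, %2d unauthenticated: %3d%% refused\n' \
            "$ms" "$c" "$(maxstartups_refusal_pct "$ms" "$c")"
    done
}
demo
```

On a live host, pipe the output of `sudo sshd -T` into `sshd_setting` instead of the constructed sample to check the values sshd is actually using after the restart.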