sftp concurrent connection
Solution 1
Increase the value of MaxSessions
and MaxStartups
in your sshd_config
.
Exctract of : man sshd_config
:
MaxSessions
Specifies the maximum number of open sessions permitted per net-
work connection. The default is 10.
MaxStartups
Specifies the maximum number of concurrent unauthenticated con-
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values ``start:rate:full'' (e.g.
"10:30:60"). sshd(8) will refuse connection attempts with a
probability of ``rate/100'' (30%) if there are currently
``start'' (10) unauthenticated connections. The probability
increases linearly and all connection attempts are refused if the
number of unauthenticated connections reaches ``full'' (60).
Solution 2
There are quite a few posts about "stalled scp and sftp connections", which seem to indicate that the scp client can be greedy with resources and network, to the degree it interferes with other connections, hence there is a work-around which is to make the client less aggressive by limit its "grabbing" of the bandwidth;
scp -l 8192 SOURCE DESTINATION
If that option allows more connections to complete, then you would be looking at a final solution to deal with the per-connection resources of each client. (you might want to look at iptables rate-limiting, or some other traffic shaping tools...) but first you should run some tests using that option to see if the problem is directly related to network resource contention.
http://www.aixmind.com/?p=1371
Related videos on Youtube
John
Updated on September 18, 2022Comments
-
John over 1 year
I have to setup my server to receive 20-30 concurrent sftp connections from different clients using same username. I've tried to test this simulation user connections with scp.
The problem is that after the 8th connection all other connections receive a - stalled notification.
1) what would be the settings on the server to disable any incoming connections; 2) is there any iptables/network settings that could cause a limitation like this? Besides all these incoming connection the server should handle about 100 concurrent apache users. Would the apache port 80 connection be in conflict with all the sftp uploading connections?
The server is a CentOS 5.8.
-
gokva about 12 yearscan you paste the error message output in full?
-
-
gokva about 12 yearsI don't see that option on my CentOS 5.8 boxes running
openssh-server-4.3p2-82.el5
but it has arrived by Fedora 16openssh-5.8p2-25.fc16.x86_64
-
gokva about 12 yearsalso, I seem to be open a bonkers load of connections if I really want to...
$ netstat -antp | grep "192.168.1.254:22" | grep ESTABLISH | wc -l
->31
so I guess that is why the developers added that option at some point