sftp concurrent connection

20,993

Solution 1

Increase the value of MaxSessions and MaxStartups in your sshd_config.

Extract of man sshd_config:

MaxSessions
         Specifies the maximum number of open sessions permitted per net-
         work connection.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated con-
         nections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values ``start:rate:full'' (e.g.
         "10:30:60").  sshd(8) will refuse connection attempts with a
         probability of ``rate/100'' (30%) if there are currently
         ``start'' (10) unauthenticated connections.  The probability
         increases linearly and all connection attempts are refused if the
         number of unauthenticated connections reaches ``full'' (60).
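To see what a given MaxStartups value means for a burst of 20-30 simultaneous logins, the rule in the man page extract above can be modelled directly. This is an added example, not code from the original answer or from OpenSSH: the function names and the sample config are constructed, the default of 10 is the one the extract states, and the integer rounding is a modelling choice.

```python
# Added example: models the MaxStartups rule from the man page extract above.
# Defaults of "10" are the ones that extract states; SAMPLE_CONFIG is constructed.

SAMPLE_CONFIG = """\
# constructed sshd_config fragment, not from the original post
Port 22
maxstartups 30:50:80
MaxSessions 30
MaxSessions 10
"""

def effective_setting(config_text, keyword, default):
    """Return the global value of a keyword (case-insensitive, first one wins)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if fields[0].lower() == "match":
            break  # everything after a Match line is conditional
        if fields[0].lower() == keyword.lower() and len(fields) == 2:
            return fields[1].strip()
    return default

def parse_max_startups(value):
    """Turn '10' or 'start:rate:full' into (start, rate, full)."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        return parts[0], 100, parts[0]  # single value: hard cut-off
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("inconsistent MaxStartups values: %r" % value)
    return start, rate, full

def drop_percent(unauthenticated, start, rate, full):
    """Percent chance that one more connection attempt is refused."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full:
        return 100
    # linear rise from rate% at 'start' to 100% at 'full'
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

def burst_table(config_text, counts):
    """Map each unauthenticated-connection count to its refusal percentage."""
    limits = parse_max_startups(effective_setting(config_text, "MaxStartups", "10"))
    return {n: drop_percent(n, *limits) for n in counts}

if __name__ == "__main__":
    for n, pct in burst_table(SAMPLE_CONFIG, [8, 29, 30, 55, 80]).items():
        print("%3d unauthenticated -> %3d%% refused" % (n, pct))
```

MaxStartups counts only connections that have not yet authenticated, so raising it widens the window for unauthenticated connection floods; the `start:rate:full` form keeps a hard ceiling while still absorbing a legitimate burst.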

Solution 2

There are quite a few posts about "stalled scp and sftp connections", which seem to indicate that the scp client can be greedy with resources and network, to the degree it interferes with other connections, hence there is a work-around which is to make the client less aggressive by limiting its "grabbing" of the bandwidth:

 scp -l 8192 SOURCE DESTINATION

If that option allows more connections to complete, then you would be looking at a final solution to deal with the per-connection resources of each client (you might want to look at iptables rate-limiting, or some other traffic shaping tools...), but first you should run some tests using that option to see if the problem is directly related to network resource contention.

http://www.aixmind.com/?p=1371

Author: John

Updated on September 18, 2022

Comments

  • John
    John over 1 year

    I have to set up my server to receive 20-30 concurrent sftp connections from different clients using the same username. I've tried to test this, simulating user connections with scp.

    The problem is that after the 8th connection all other connections receive a - stalled notification.

    1) What would be the settings on the server to disable any incoming connections? 2) Are there any iptables/network settings that could cause a limitation like this? Besides all these incoming connections, the server should handle about 100 concurrent apache users. Would the apache port 80 connection be in conflict with all the sftp uploading connections?

    The server is a CentOS 5.8.

    • gokva
      gokva about 12 years
      can you paste the error message output in full?
  • gokva
    gokva about 12 years
    I don't see that option on my CentOS 5.8 boxes running openssh-server-4.3p2-82.el5 but it has arrived by Fedora 16 openssh-5.8p2-25.fc16.x86_64
  • gokva
    gokva about 12 years
    also, I seem to be able to open a bonkers load of connections if I really want to... $ netstat -antp | grep "192.168.1.254:22" | grep ESTABLISH | wc -l -> 31 so I guess that is why the developers added that option at some point