Re: tweaking max sessions / scaling

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 27 Sep 2017, Mike Tancsa wrote:

> On 9/26/2017 9:07 PM, Peter Stuge wrote:
> > Mike Tancsa wrote:
> >> Without leaving the server at debug2 logging level, is there a way
> >> to find out if I am hitting application limits vs OS limits ?
> > 
> > If you run sshd under ktrace maybe you can spot resource limit errors
> > for relevant syscalls in the kdump output.
> 
> Thanks! Although in this case, the measurement seems pretty resource
> intensive.  I increased the MaxSessions and as well as MaxStartups and I
> have the failure rate down to under 10 per day.  So it seems based on
> changing that, it is application limits ?
> 
> I added
> 
> MaxSessions 920

MaxSessions only really affects connection multiplexing - it's the limit
of how many multiplexed sessions a single connection can support.
Unless you're using multiplexing really heavily, this isn't likely to make
much of a difference.

> ClientAliveInterval 15 # get rid of procs sitting arround
> MaxStartups 30:50:500

MaxStartups limits sshd processes in the pre-authentication state. If
you're running lots of short-lived connections in parallel then you
might need to adjust this. Note that the setting you've got there will
deliberately drop 50% of new connections when more than 30 are in the
pre-auth state. Moreover 500 unauthenticated connections is a pretty
high number, I'd suggest you set MaxStartups=50:30:200

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux