On Wed, 27 Sep 2017, Mike Tancsa wrote: > On 9/26/2017 9:07 PM, Peter Stuge wrote: > > Mike Tancsa wrote: > >> Without leaving the server at debug2 logging level, is there a way > >> to find out if I am hitting application limits vs OS limits ? > > > > If you run sshd under ktrace maybe you can spot resource limit errors > > for relevant syscalls in the kdump output. > > Thanks! Although in this case, the measurement seems pretty resource > intensive. I increased the MaxSessions and as well as MaxStartups and I > have the failure rate down to under 10 per day. So it seems based on > changing that, it is application limits ? > > I added > > MaxSessions 920 MaxSessions only really affects connection multiplexing - it's the limit of how many multiplexed sessions a single connection can support. Unless you're using multiplexing really heavily, this isn't likely to make much of a difference. > ClientAliveInterval 15 # get rid of procs sitting arround > MaxStartups 30:50:500 MaxStartups limits sshd processes in the pre-authentication state. If you're running lots of short-lived connections in parallel then you might need to adjust this. Note that the setting you've got there will deliberately drop 50% of new connections when more than 30 are in the pre-auth state. Moreover 500 unauthenticated connections is a pretty high number, I'd suggest you set MaxStartups=50:30:200 -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev