Recommendations to Improve SSH Tunnel Concurrency on SSH Bastion

To improve concurrency and manage multiple SSH tunnels more efficiently, consider the following recommendations:

Purpose: The MaxSessions parameter limits the number of concurrent sessions (logical channels) allowed over a single SSH connection. Increasing this value allows more port forwarding sessions to run simultaneously without opening multiple SSH connections.
Action:
- Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):
  MaxSessions 50 # Increase as necessary
- Restart the SSH server:
  sudo systemctl restart sshd

Purpose: The MaxStartups parameter controls the number of simultaneous unauthenticated SSH connections allowed. Increasing this value prevents new connections from being rejected when a large number of SSH sessions are established.
Action:
- Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):
  MaxStartups 50:30:200 # Adjust for higher concurrency
- Restart the SSH server:
  sudo systemctl restart sshd

Purpose: System limits on file descriptors and processes can impact the number of concurrent SSH connections or tunnels. Increasing these limits can help support more concurrent sessions.
Action:
- Check and increase the file descriptor limit (ulimit -n):
  ulimit -n 65535
- Edit /etc/security/limits.conf to increase the limit for your user:
  your-username soft nofile 65535 your-username hard nofile 65535
- Adjust systemd limits if needed (for example, /etc/systemd/system/ssh.service):
  [Service] LimitNOFILE=65535 LimitNPROC=65535
- Reload systemd and restart SSH:
  sudo systemctl daemon-reexec sudo systemctl restart sshd

Last updated 5 months ago

Was this helpful?