Improve Concurrency on your SSH Bastion
1. Increase MaxSessions
on SSH Bastion
MaxSessions
on SSH BastionPurpose: The
MaxSessions
parameter limits the number of concurrent sessions (logical channels) allowed over a single SSH connection. Increasing this value allows more port forwarding sessions to run simultaneously without opening multiple SSH connections.Action:
Edit the SSH server configuration on the bastion host (
/etc/ssh/sshd_config
):MaxSessions 50 # Increase as necessary
Restart the SSH server:
sudo systemctl restart sshd
2. Increase MaxStartups
on SSH Bastion
MaxStartups
on SSH BastionPurpose: The
MaxStartups
parameter controls the number of simultaneous unauthenticated SSH connections allowed. Increasing this value prevents new connections from being rejected when a large number of SSH sessions are established.Action:
Edit the SSH server configuration on the bastion host (
/etc/ssh/sshd_config
):MaxStartups 50:30:200 # Adjust for higher concurrency
Restart the SSH server:
sudo systemctl restart sshd
3. Increase System Resource Limits
Purpose: System limits on file descriptors and processes can impact the number of concurrent SSH connections or tunnels. Increasing these limits can help support more concurrent sessions.
Action:
Check and increase the file descriptor limit (
ulimit -n
):ulimit -n 65535
Edit
/etc/security/limits.conf
to increase the limit for your user:your-username soft nofile 65535 your-username hard nofile 65535
Adjust systemd limits if needed (for example,
/etc/systemd/system/ssh.service
):[Service] LimitNOFILE=65535 LimitNPROC=65535
Reload systemd and restart SSH:
sudo systemctl daemon-reexec sudo systemctl restart sshd
Last updated
Was this helpful?