# Improve Concurrency on your SSH Bastion ### 1. **Increase `MaxSessions` on SSH Bastion** * **Purpose**: The `MaxSessions` parameter limits the number of concurrent sessions (logical channels) allowed over a single SSH connection. Increasing this value allows more port forwarding sessions to run simultaneously without opening multiple SSH connections. * **Action**: * Edit the SSH server configuration on the bastion host (`/etc/ssh/sshd_config`): ```plaintext MaxSessions 50 # Increase as necessary ``` * Restart the SSH server: ```bash sudo systemctl restart sshd ``` ### 2. **Increase `MaxStartups` on SSH Bastion** * **Purpose**: The `MaxStartups` parameter controls the number of simultaneous unauthenticated SSH connections allowed. Increasing this value prevents new connections from being rejected when a large number of SSH sessions are established. * **Action**: * Edit the SSH server configuration on the bastion host (`/etc/ssh/sshd_config`): ```plaintext MaxStartups 50:30:200 # Adjust for higher concurrency ``` * Restart the SSH server: ```bash sudo systemctl restart sshd ``` ### 3. **Increase System Resource Limits** * **Purpose**: System limits on file descriptors and processes can impact the number of concurrent SSH connections or tunnels. Increasing these limits can help support more concurrent sessions. * **Action**: * Check and increase the file descriptor limit (`ulimit -n`): ```bash ulimit -n 65535 ``` * Edit `/etc/security/limits.conf` to increase the limit for your user: ```plaintext your-username soft nofile 65535 your-username hard nofile 65535 ``` * Adjust systemd limits if needed (for example, `/etc/systemd/system/ssh.service`): ```plaintext [Service] LimitNOFILE=65535 LimitNPROC=65535 ``` * Reload systemd and restart SSH: ```bash sudo systemctl daemon-reexec sudo systemctl restart sshd ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.secoda.co/integrations/security/recommendations-to-improve-ssh-tunnel-concurrency-on-ssh-bastion.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.