Improve Concurrency on your SSH Bastion

1. Increase MaxSessions on SSH Bastion

  • Purpose: The MaxSessions parameter limits the number of concurrent sessions (logical channels) allowed over a single SSH connection. Increasing this value allows more port forwarding sessions to run simultaneously without opening multiple SSH connections.

  • Action:

    • Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):

      MaxSessions 50  # Increase as necessary
    • Restart the SSH server:

      sudo systemctl restart sshd

2. Increase MaxStartups on SSH Bastion

  • Purpose: The MaxStartups parameter controls the number of simultaneous unauthenticated SSH connections allowed. Increasing this value prevents new connections from being rejected when a large number of SSH sessions are established.

  • Action:

    • Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):

      MaxStartups 50:30:200  # Adjust for higher concurrency
    • Restart the SSH server:

      sudo systemctl restart sshd

3. Increase System Resource Limits

  • Purpose: System limits on file descriptors and processes can impact the number of concurrent SSH connections or tunnels. Increasing these limits can help support more concurrent sessions.

  • Action:

    • Check and increase the file descriptor limit (ulimit -n):

      ulimit -n 65535
    • Edit /etc/security/limits.conf to increase the limit for your user:

      your-username soft nofile 65535
      your-username hard nofile 65535
    • Adjust systemd limits if needed (for example, /etc/systemd/system/ssh.service):

      [Service]
      LimitNOFILE=65535
      LimitNPROC=65535
    • Reload systemd and restart SSH:

      sudo systemctl daemon-reexec
      sudo systemctl restart sshd

Last updated

Was this helpful?