Recommendations to Improve SSH Tunnel Concurrency on SSH Bastion
To improve concurrency and manage multiple SSH tunnels more efficiently, consider the following recommendations:
1. Increase MaxSessions on SSH Bastion

Purpose: The MaxSessions parameter limits the number of concurrent sessions (logical channels) allowed over a single SSH connection. Increasing this value allows more port forwarding sessions to run simultaneously without opening multiple SSH connections.

Action:

Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):

    # Increase as necessary
    MaxSessions 50

Restart the SSH server:

    sudo systemctl restart sshd

2. Increase MaxStartups on SSH Bastion

Purpose: The MaxStartups parameter controls the number of simultaneous unauthenticated SSH connections allowed. Increasing this value prevents new connections from being rejected when a large number of SSH sessions are established.

Action:

Edit the SSH server configuration on the bastion host (/etc/ssh/sshd_config):

    # Adjust for higher concurrency
    MaxStartups 50:30:200

Restart the SSH server:

    sudo systemctl restart sshd

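What the start:rate:full form of MaxStartups means as unauthenticated connections pile up, as an added example that is not part of the original page. The function name maxstartups_drop_pct is hypothetical; the linear ramp follows the description in sshd_config(5), and integer rounding is an assumption.

```shell
#!/bin/sh
# Added example: percent chance that sshd refuses a new unauthenticated
# connection for a given MaxStartups value and current pending count.

# maxstartups_drop_pct SPEC COUNT   (hypothetical helper)
#   SPEC  : "start:rate:full", or a single number (hard limit)
#   COUNT : unauthenticated connections currently open
# Prints the refusal probability in percent; returns 1 on an invalid SPEC.
maxstartups_drop_pct() {
    spec=$1 count=$2
    case $spec in
        *:*:*:*) return 1 ;;                  # too many fields
        *:*:*)
            start=${spec%%:*}
            rest=${spec#*:}
            rate=${rest%%:*}
            full=${rest#*:}
            ;;
        *:*) return 1 ;;                      # two fields is not a valid form
        *)  start=$spec rate=100 full=$spec ;; # single value: hard cut-off
    esac
    # Every field must be a non-empty decimal integer.
    for v in "$start" "$rate" "$full" "$count"; do
        case $v in ''|*[!0-9]*) return 1 ;; esac
    done
    # Sanity rules: start <= full and 1 <= rate <= 100.
    [ "$start" -le "$full" ] && [ "$rate" -ge 1 ] && [ "$rate" -le 100 ] || return 1

    if [ "$count" -lt "$start" ]; then
        echo 0                                # below start: nothing refused
    elif [ "$count" -ge "$full" ] || [ "$rate" -eq 100 ]; then
        echo 100                              # at or above full: all refused
    else
        # Linear ramp from rate% at start to 100% at full.
        echo $(( rate + (100 - rate) * (count - start) / (full - start) ))
    fi
}

# Constructed walk-through for the value used on this page.
for n in 10 49 50 100 125 199 200; do
    printf '%3s pending -> %s%% refused\n' "$n" "$(maxstartups_drop_pct 50:30:200 "$n")"
done
```

With 50:30:200, nothing is refused below 50 pending connections, 30% of new attempts are refused at 50, and every attempt is refused at 200. Only connections that have not yet authenticated count toward these numbers.
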
3. Increase System Resource Limits

Purpose: System limits on file descriptors and processes can impact the number of concurrent SSH connections or tunnels. Increasing these limits can help support more concurrent sessions.

Action:

Check and increase the file descriptor limit (ulimit -n):

    ulimit -n 65535

Edit /etc/security/limits.conf to increase the limit for your user:

    your-username soft nofile 65535
    your-username hard nofile 65535

Adjust systemd limits if needed (for example, /etc/systemd/system/ssh.service):

    [Service]
    LimitNOFILE=65535
    LimitNPROC=65535

Reload systemd and restart SSH:

    sudo systemctl daemon-reexec
    sudo systemctl restart sshd