目前,我遇到了一个问题dropbear。我已将并发 ssh 会话的最大数量设置为 10,但我仍然可以设置ssh第 11 个会话。您能让我知道我做错了什么吗?
cat /proc/sys/kernel/pty/max
10
我使用的是64位平台。
答案1
SSH 服务器可以通过MaxSessions配置文件中的选项施加此类限制。然而,根据SSH 人
MaxSessions
Specifies the maximum number of open shell, login or subsystem
(e.g. sftp) sessions permitted per network connection. Multiple
sessions may be established by clients that support connection
multiplexing. Setting MaxSessions to 1 will effectively disable
session multiplexing, whereas setting it to 0 will prevent all
shell, login and subsystem sessions while still permitting for-
warding. The default is 10.
MaxStartups
Specifies the maximum number of **concurrent unauthenticated con-
nections to the SSH daemon.** Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying the
three colon separated values ``start:rate:full'' (e.g.
"10:30:60"). sshd(8) will refuse connection attempts with a
probability of ``rate/100'' (30%) if there are currently
``start'' (10) unauthenticated connections. The probability
increases linearly and all connection attempts are refused if the
number of unauthenticated connections reaches ``full'' (60).
Dropbear在客户端和服务器中实现完整的 SSH 版本 2 协议。所以,我相信你应该运行这样的命令:
ssh stream tcp nowait/3 root /usr/sbin/sshd sshd -i -4
这会将并发 ssh 连接数限制为 3。根据需要进行调整。
答案2
根据数小时的实验,Dropbear 不会通过 PAM 通过用户会话进行注册,因此为 dropbear 应用程序添加任何类型为会话的规则是没有意义的。不过我用 sshd 是成功的。此外,我还发现了其他人指出这一点的链接。