
2022.01.24 About SSHD MaxStartups

I finally found the cause of occasionally being unable to SSH into the server, after repeatedly trying to connect multiple times. It turned out that MaxStartups was the culprit.

Although it was indeed a server with frequent connections, increasing MaxSessions didn't solve the problem, so I was troubled for a long time until I finally resolved it.

Error Log

The following error was output to /var/log/secure:

Received disconnect from 192.168.XX.XX: 11:
pam_unix(sshd:session): session opened for user hogehoge by (uid=0)
pam_unix(sshd:session): session closed for user root

Response

Increasing MaxStartups in sshd_config resolved the issue.

MaxStartups (Maximum Startups)
Specifies the maximum number of concurrent unauthenticated connections the SSH daemon will accept.
Connections beyond this value are dropped while they are still in the unauthenticated stage.
This continues until an already connected client authenticates successfully or its LoginGraceTime expires.

On systems such as CentOS 7 the default is 10:30:100: unauthenticated connections beyond 10 are rejected with a 30% probability, and all new connections are rejected once the count reaches 100.

Standard format
MaxStartups <start>:<connection refusal probability>:<limit>

Setting only the limit
MaxStartups <limit>

I changed it to the following:
MaxStartups 100
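
To see what each form of the setting does to incoming connections, here is an added example (not from the original post and not OpenSSH code) that parses a MaxStartups value and computes the refusal chance for a given number of pending unauthenticated connections. It follows the behavior documented in sshd_config(5), where the probability rises linearly from the rate at start to 100% at the limit; the function names and the integer rounding are assumptions.

```python
# Added example: model of sshd's MaxStartups random early drop.
import re


def parse_max_startups(value):
    """Return (start, rate, full) from a MaxStartups value.

    Accepts "start:rate:full" or a single "limit". With a single number,
    start == full, so the rate never applies (reported here as 100).
    """
    value = value.strip()
    if re.fullmatch(r"\d+", value):
        n = int(value)
        return n, 100, n
    m = re.fullmatch(r"(\d+):(\d+):(\d+)", value)
    if not m:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    start, rate, full = map(int, m.groups())
    if start > full or not 1 <= rate <= 100:
        raise ValueError(f"illegal MaxStartups spec: {value!r}")
    return start, rate, full


def drop_percent(value, unauthenticated):
    """Percent chance that a new connection is refused at this backlog."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from rate% at start to 100% at full (integer arithmetic).
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


if __name__ == "__main__":
    # Compare the default with the single-value setting used in this post.
    for spec in ("10:30:100", "100"):
        for n in (5, 10, 55, 99, 100):
            print(f"MaxStartups {spec:<9} unauthenticated={n:<3} "
                  f"drop={drop_percent(spec, n)}%")
```

With the single-value form nothing is refused until 100 unauthenticated connections are pending, so the early-drop ramp no longer applies; a three-value spec with a higher start keeps it.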