How to throttle SSH connection attempts

Limiting concurrent SSH connection attempts reduces the impact of brute-force attacks, aggressive scanners, and misbehaving automation. Controlling how many unauthenticated sessions may start in parallel helps protect CPU, memory, and network resources while keeping legitimate administration paths available.

OpenSSH implements throttling for new inbound sessions through the MaxStartups directive in /etc/ssh/sshd_config. When too many unauthenticated sessions exist at the same time, sshd begins to drop or refuse additional connection attempts according to the configured thresholds, before authentication logic or shell startup is reached.

Values that are too strict can surprise administrators connecting from shared IP addresses, bastion hosts, or automation farms, especially when combined with other limits such as MaxSessions, LoginGraceTime, and MaxAuthTries. The steps below assume OpenSSH running on a systemd-based Linux distribution where the service unit is named ssh; environments using sshd require only minor adjustments to the service commands.

1. Open a terminal with a sudo-capable account on the Linux server.

   $ whoami
   user

2. Create a timestamped backup of /etc/ssh/sshd_config before editing.

   $ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.$(date +%Y%m%d%H%M%S)

   Incorrect MaxStartups values or syntax can block new SSH logins until sshd is fixed and restarted, so a usable backup simplifies recovery.

3. Open /etc/ssh/sshd_config in a text editor.

   $ sudo nano /etc/ssh/sshd_config

4. Add or adjust the MaxStartups directive to set the desired throttling limits.

   MaxStartups 10:30:60

   In the form MaxStartups start:rate:full, start is the number of unauthenticated connections allowed, rate is the percentage (0–100) of additional attempts that are randomly dropped, and full is the hard cap at which all new unauthenticated connections are dropped.

5. Optionally use a single integer MaxStartups value to impose a hard cap without probabilistic dropping.

   MaxStartups 20

   Single-value MaxStartups limits unauthenticated connections to the specified number and drops all further attempts immediately.

6. Ensure the editor saves the updated /etc/ssh/sshd_config file.
7. Test the sshd configuration syntax for errors.

   $ sudo sshd -t

   Absence of output indicates that the configuration parses successfully and sshd can start with the new settings.

   Related: How to check and validate the SSH server configuration

8. Reload the ssh service to apply the updated limits without interrupting existing sessions.

   $ sudo systemctl reload ssh

   On RHEL and similar systems the service unit is often named sshd so the command becomes sudo systemctl reload sshd.

   Related: How to manage the SSH server service with systemctl in Linux

9. Confirm that MaxStartups is active by inspecting the effective sshd configuration.

   $ sudo sshd -T | grep -E "^maxstartups"
   maxstartups 10:30:60

10. Optionally monitor the SSH service status and recent log messages for dropped or refused connection attempts.

    $ sudo systemctl status ssh
    ● ssh.service - OpenBSD Secure Shell server
         Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enabled)
         Active: active (running) since Sat 2026-01-10 12:19:38 +08; 16h ago
    TriggeredBy: ● ssh.socket
           Docs: man:sshd(8)
                 man:sshd_config(5)
        Process: 13942 ExecReload=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
        Process: 13943 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
       Main PID: 10704 (sshd)
          Tasks: 1 (limit: 4546)
         Memory: 2.8M (peak: 19.4M)
            CPU: 325ms
         CGroup: /system.slice/ssh.service
                 └─10704 \"sshd: /usr/sbin/sshd -D [listener] 0 of 10-60 startups\"
    ##### snipped #####

    Connection attempts exceeding MaxStartups limits appear as refused or dropped sessions in system logs such as journalctl -u ssh or /var/log/auth.log.