SSH can be demanding on server resources, especially when handling multiple connections or file transfers. The encryption process used by SSH consumes significant CPU power, which can slow down the server. This is particularly concerning when the server handles many simultaneous connections.

By default, an SSH server allows multiple connections at once. In some situations, like on public or jump servers, this can lead to resource overuse. Limiting the number of connections can help maintain server performance and prevent slowdowns.

You can control the number of connections by adjusting the MaxStartups and MaxSessions settings in the sshd_config file. These settings let you define how many connections and sessions the server can handle at the same time.

Steps to set maximum SSH connections:

  1. Open the terminal application.
  2. Access the sshd_config file using a text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Set the maximum number of concurrent unauthenticated connections by adjusting the MaxStartups option.
    MaxStartups 10
    MaxStartups
            Specifies the maximum number of concurrent unau‐
            thenticated connections to the SSH daemon.  Addi‐
            tional connections will be dropped until authenti‐
            cation succeeds or the LoginGraceTime expires for
            a connection.  The default is 10:30:100.
    
            Alternatively, random early drop can be enabled by
            specifying the three colon separated values
            start:rate:full (e.g. "10:30:60").  sshd(8) will
            refuse connection attempts with a probability of
            rate/100 (30%) if there are currently start (10)
            unauthenticated connections.  The probability in‐
            creases linearly and all connection attempts are
            refused if the number of unauthenticated connec‐
            tions reaches full (60).

    Colon-separated value gives you more refined control. The following example will block 50% connection once it reaches 5, and will block 100% connection once the total is 10 concurrent connection.

    MaxStartups 5:50:10

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

  4. Define the maximum number of allowed sessions per connection by setting the MaxSessions option.
    MaxSessions 5
    MaxSessions
            Specifies the maximum number of open
            shell, login or subsystem (e.g. sftp)
            sessions permitted per network connec‐
            tion.  Multiple sessions may be estab‐
            lished by clients that support connection
            multiplexing.  Setting MaxSessions to 1
            will effectively disable session multi‐
            plexing, whereas setting it to 0 will
            prevent all shell, login and subsystem
            sessions while still permitting forward‐
            ing.  The default is 10.

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

  5. Save the changes in the sshd_config file.
  6. Restart the SSH service to apply the new settings.
    $ sudo systemctl restart ssh
Discuss the article:

Comment anonymously. Login not required.