How to limit simultaneous connections to an SSH server

SSH is resource-intensive, especially when transferring files using scp or other methods utilizing the SSH connection. It is because SSH connection is encrypted and is computationally expensive, where a single file transfer session could hog an entire CPU core. Each user could also be running commands on the SSH server, overutilizing the CPU and the I/O.

SSH server, by default, allows multiple active connections at any given time. Multiple SSH connections shouldn't be a concern for most servers, but if you're running a public server or a jump server/bastion host, you might need to set a cap to the allowed number of concurrent connections.

You can set a limit on the maximum number of users allowed to log in to the SSH server by configuring both MaxStartups and MaxSessions options in the server's sshd_config file.

Steps to limit concurrent connection on SSH server:

Open terminal application.

Open sshd_config file using your preferred text editor.

$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:

Look for MaxStartups option and set the value to the maximum simultaneous connections to allow.

MaxStartups 10

MaxStartups
        Specifies the maximum number of concurrent unau‐
        thenticated connections to the SSH daemon.  Addi‐
        tional connections will be dropped until authenti‐
        cation succeeds or the LoginGraceTime expires for
        a connection.  The default is 10:30:100.

        Alternatively, random early drop can be enabled by
        specifying the three colon separated values
        start:rate:full (e.g. "10:30:60").  sshd(8) will
        refuse connection attempts with a probability of
        rate/100 (30%) if there are currently start (10)
        unauthenticated connections.  The probability in‐
        creases linearly and all connection attempts are
        refused if the number of unauthenticated connec‐
        tions reaches full (60).

Colon-separated value gives you more refined control. The following example will block 50% connection once it reaches 5, and will block 100% connection once the total is 10 concurrent connection.

MaxStartups 5:50:10

Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

Look for MaxSessions option and set the value to the maximum simultaneous sessions to allow.

MaxSessions 5

MaxSessions
        Specifies the maximum number of open
        shell, login or subsystem (e.g. sftp)
        sessions permitted per network connec‐
        tion.  Multiple sessions may be estab‐
        lished by clients that support connection
        multiplexing.  Setting MaxSessions to 1
        will effectively disable session multi‐
        plexing, whereas setting it to 0 will
        prevent all shell, login and subsystem
        sessions while still permitting forward‐
        ing.  The default is 10.

Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

Restart SSH service for changes to take effect.
```
$ sudo systemctl restart ssh
```
Related: How to start, restart, and stop the SSH server service

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.

Discuss the article:

Comment anonymously. Login not required.